1 /* 2 * hostapd / UNIX domain socket -based control interface 3 * Copyright (c) 2004-2015, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #ifndef CONFIG_NATIVE_WINDOWS 12 13 #ifdef CONFIG_TESTING_OPTIONS 14 #include <net/ethernet.h> 15 #include <netinet/ip.h> 16 #endif /* CONFIG_TESTING_OPTIONS */ 17 18 #include <sys/un.h> 19 #include <sys/stat.h> 20 #include <stddef.h> 21 22 #ifdef CONFIG_CTRL_IFACE_UDP 23 #include <netdb.h> 24 #endif /* CONFIG_CTRL_IFACE_UDP */ 25 26 #include "utils/common.h" 27 #include "utils/eloop.h" 28 #include "utils/module_tests.h" 29 #include "common/version.h" 30 #include "common/ieee802_11_defs.h" 31 #include "common/ctrl_iface_common.h" 32 #include "crypto/tls.h" 33 #include "drivers/driver.h" 34 #include "eapol_auth/eapol_auth_sm.h" 35 #include "radius/radius_client.h" 36 #include "radius/radius_server.h" 37 #include "l2_packet/l2_packet.h" 38 #include "ap/hostapd.h" 39 #include "ap/ap_config.h" 40 #include "ap/ieee802_1x.h" 41 #include "ap/wpa_auth.h" 42 #include "ap/ieee802_11.h" 43 #include "ap/sta_info.h" 44 #include "ap/wps_hostapd.h" 45 #include "ap/ctrl_iface_ap.h" 46 #include "ap/ap_drv_ops.h" 47 #include "ap/hs20.h" 48 #include "ap/wnm_ap.h" 49 #include "ap/wpa_auth.h" 50 #include "ap/beacon.h" 51 #include "ap/neighbor_db.h" 52 #include "ap/rrm.h" 53 #include "ap/dpp_hostapd.h" 54 #include "wps/wps_defs.h" 55 #include "wps/wps.h" 56 #include "fst/fst_ctrl_iface.h" 57 #include "config_file.h" 58 #include "ctrl_iface.h" 59 60 61 #define HOSTAPD_CLI_DUP_VALUE_MAX_LEN 256 62 63 #ifdef CONFIG_CTRL_IFACE_UDP 64 #define COOKIE_LEN 8 65 static unsigned char cookie[COOKIE_LEN]; 66 static unsigned char gcookie[COOKIE_LEN]; 67 #define HOSTAPD_CTRL_IFACE_PORT 8877 68 #define HOSTAPD_CTRL_IFACE_PORT_LIMIT 50 69 #define HOSTAPD_GLOBAL_CTRL_IFACE_PORT 8878 70 #define HOSTAPD_GLOBAL_CTRL_IFACE_PORT_LIMIT 50 71 #endif /* CONFIG_CTRL_IFACE_UDP */ 72 73 static void hostapd_ctrl_iface_send(struct hostapd_data *hapd, int level, 74 enum wpa_msg_type type, 75 const char *buf, size_t len); 76 77 78 static int hostapd_ctrl_iface_attach(struct hostapd_data *hapd, 79 struct sockaddr_storage *from, 80 socklen_t fromlen) 81 { 82 return ctrl_iface_attach(&hapd->ctrl_dst, from, fromlen); 83 } 84 85 86 static int hostapd_ctrl_iface_detach(struct hostapd_data *hapd, 87 struct sockaddr_storage *from, 88 socklen_t fromlen) 89 { 90 return ctrl_iface_detach(&hapd->ctrl_dst, from, fromlen); 91 } 92 93 94 static int hostapd_ctrl_iface_level(struct hostapd_data *hapd, 95 struct sockaddr_storage *from, 96 socklen_t fromlen, 97 char *level) 98 { 99 return ctrl_iface_level(&hapd->ctrl_dst, from, fromlen, level); 100 } 101 102 103 static int hostapd_ctrl_iface_new_sta(struct hostapd_data *hapd, 104 const char *txtaddr) 105 { 106 u8 addr[ETH_ALEN]; 107 struct sta_info *sta; 108 109 wpa_printf(MSG_DEBUG, "CTRL_IFACE NEW_STA %s", txtaddr); 110 111 if (hwaddr_aton(txtaddr, addr)) 112 return -1; 113 114 sta = ap_get_sta(hapd, addr); 115 if (sta) 116 return 0; 117 118 wpa_printf(MSG_DEBUG, "Add new STA " MACSTR " based on ctrl_iface " 119 "notification", MAC2STR(addr)); 120 sta = ap_sta_add(hapd, addr); 121 if (sta == NULL) 122 return -1; 123 124 hostapd_new_assoc_sta(hapd, sta, 0); 125 return 0; 126 } 127 128 129 #ifdef CONFIG_IEEE80211W 130 #ifdef NEED_AP_MLME 131 static int hostapd_ctrl_iface_sa_query(struct hostapd_data *hapd, 132 const char *txtaddr) 133 { 134 u8 addr[ETH_ALEN]; 135 u8 trans_id[WLAN_SA_QUERY_TR_ID_LEN]; 136 137 wpa_printf(MSG_DEBUG, "CTRL_IFACE SA_QUERY %s", txtaddr); 138 139 if (hwaddr_aton(txtaddr, addr) || 140 os_get_random(trans_id, WLAN_SA_QUERY_TR_ID_LEN) < 0) 141 return -1; 142 143 ieee802_11_send_sa_query_req(hapd, addr, trans_id); 144 145 return 0; 146 } 147 #endif /* NEED_AP_MLME */ 148 #endif /* CONFIG_IEEE80211W */ 149 150 151 #ifdef CONFIG_WPS 152 static int hostapd_ctrl_iface_wps_pin(struct hostapd_data *hapd, char *txt) 153 { 154 char *pin = os_strchr(txt, ' '); 155 char *timeout_txt; 156 int timeout; 157 u8 addr_buf[ETH_ALEN], *addr = NULL; 158 char *pos; 159 160 if (pin == NULL) 161 return -1; 162 *pin++ = '\0'; 163 164 timeout_txt = os_strchr(pin, ' '); 165 if (timeout_txt) { 166 *timeout_txt++ = '\0'; 167 timeout = atoi(timeout_txt); 168 pos = os_strchr(timeout_txt, ' '); 169 if (pos) { 170 *pos++ = '\0'; 171 if (hwaddr_aton(pos, addr_buf) == 0) 172 addr = addr_buf; 173 } 174 } else 175 timeout = 0; 176 177 return hostapd_wps_add_pin(hapd, addr, txt, pin, timeout); 178 } 179 180 181 static int hostapd_ctrl_iface_wps_check_pin( 182 struct hostapd_data *hapd, char *cmd, char *buf, size_t buflen) 183 { 184 char pin[9]; 185 size_t len; 186 char *pos; 187 int ret; 188 189 wpa_hexdump_ascii_key(MSG_DEBUG, "WPS_CHECK_PIN", 190 (u8 *) cmd, os_strlen(cmd)); 191 for (pos = cmd, len = 0; *pos != '\0'; pos++) { 192 if (*pos < '0' || *pos > '9') 193 continue; 194 pin[len++] = *pos; 195 if (len == 9) { 196 wpa_printf(MSG_DEBUG, "WPS: Too long PIN"); 197 return -1; 198 } 199 } 200 if (len != 4 && len != 8) { 201 wpa_printf(MSG_DEBUG, "WPS: Invalid PIN length %d", (int) len); 202 return -1; 203 } 204 pin[len] = '\0'; 205 206 if (len == 8) { 207 unsigned int pin_val; 208 pin_val = atoi(pin); 209 if (!wps_pin_valid(pin_val)) { 210 wpa_printf(MSG_DEBUG, "WPS: Invalid checksum digit"); 211 ret = os_snprintf(buf, buflen, "FAIL-CHECKSUM\n"); 212 if (os_snprintf_error(buflen, ret)) 213 return -1; 214 return ret; 215 } 216 } 217 218 ret = os_snprintf(buf, buflen, "%s", pin); 219 if (os_snprintf_error(buflen, ret)) 220 return -1; 221 222 return ret; 223 } 224 225 226 #ifdef CONFIG_WPS_NFC 227 static int hostapd_ctrl_iface_wps_nfc_tag_read(struct hostapd_data *hapd, 228 char *pos) 229 { 230 size_t len; 231 struct wpabuf *buf; 232 int ret; 233 234 len = os_strlen(pos); 235 if (len & 0x01) 236 return -1; 237 len /= 2; 238 239 buf = wpabuf_alloc(len); 240 if (buf == NULL) 241 return -1; 242 if (hexstr2bin(pos, wpabuf_put(buf, len), len) < 0) { 243 wpabuf_free(buf); 244 return -1; 245 } 246 247 ret = hostapd_wps_nfc_tag_read(hapd, buf); 248 wpabuf_free(buf); 249 250 return ret; 251 } 252 253 254 static int hostapd_ctrl_iface_wps_nfc_config_token(struct hostapd_data *hapd, 255 char *cmd, char *reply, 256 size_t max_len) 257 { 258 int ndef; 259 struct wpabuf *buf; 260 int res; 261 262 if (os_strcmp(cmd, "WPS") == 0) 263 ndef = 0; 264 else if (os_strcmp(cmd, "NDEF") == 0) 265 ndef = 1; 266 else 267 return -1; 268 269 buf = hostapd_wps_nfc_config_token(hapd, ndef); 270 if (buf == NULL) 271 return -1; 272 273 res = wpa_snprintf_hex_uppercase(reply, max_len, wpabuf_head(buf), 274 wpabuf_len(buf)); 275 reply[res++] = '\n'; 276 reply[res] = '\0'; 277 278 wpabuf_free(buf); 279 280 return res; 281 } 282 283 284 static int hostapd_ctrl_iface_wps_nfc_token_gen(struct hostapd_data *hapd, 285 char *reply, size_t max_len, 286 int ndef) 287 { 288 struct wpabuf *buf; 289 int res; 290 291 buf = hostapd_wps_nfc_token_gen(hapd, ndef); 292 if (buf == NULL) 293 return -1; 294 295 res = wpa_snprintf_hex_uppercase(reply, max_len, wpabuf_head(buf), 296 wpabuf_len(buf)); 297 reply[res++] = '\n'; 298 reply[res] = '\0'; 299 300 wpabuf_free(buf); 301 302 return res; 303 } 304 305 306 static int hostapd_ctrl_iface_wps_nfc_token(struct hostapd_data *hapd, 307 char *cmd, char *reply, 308 size_t max_len) 309 { 310 if (os_strcmp(cmd, "WPS") == 0) 311 return hostapd_ctrl_iface_wps_nfc_token_gen(hapd, reply, 312 max_len, 0); 313 314 if (os_strcmp(cmd, "NDEF") == 0) 315 return hostapd_ctrl_iface_wps_nfc_token_gen(hapd, reply, 316 max_len, 1); 317 318 if (os_strcmp(cmd, "enable") == 0) 319 return hostapd_wps_nfc_token_enable(hapd); 320 321 if (os_strcmp(cmd, "disable") == 0) { 322 hostapd_wps_nfc_token_disable(hapd); 323 return 0; 324 } 325 326 return -1; 327 } 328 329 330 static int hostapd_ctrl_iface_nfc_get_handover_sel(struct hostapd_data *hapd, 331 char *cmd, char *reply, 332 size_t max_len) 333 { 334 struct wpabuf *buf; 335 int res; 336 char *pos; 337 int ndef; 338 339 pos = os_strchr(cmd, ' '); 340 if (pos == NULL) 341 return -1; 342 *pos++ = '\0'; 343 344 if (os_strcmp(cmd, "WPS") == 0) 345 ndef = 0; 346 else if (os_strcmp(cmd, "NDEF") == 0) 347 ndef = 1; 348 else 349 return -1; 350 351 if (os_strcmp(pos, "WPS-CR") == 0) 352 buf = hostapd_wps_nfc_hs_cr(hapd, ndef); 353 else 354 buf = NULL; 355 if (buf == NULL) 356 return -1; 357 358 res = wpa_snprintf_hex_uppercase(reply, max_len, wpabuf_head(buf), 359 wpabuf_len(buf)); 360 reply[res++] = '\n'; 361 reply[res] = '\0'; 362 363 wpabuf_free(buf); 364 365 return res; 366 } 367 368 369 static int hostapd_ctrl_iface_nfc_report_handover(struct hostapd_data *hapd, 370 char *cmd) 371 { 372 size_t len; 373 struct wpabuf *req, *sel; 374 int ret; 375 char *pos, *role, *type, *pos2; 376 377 role = cmd; 378 pos = os_strchr(role, ' '); 379 if (pos == NULL) 380 return -1; 381 *pos++ = '\0'; 382 383 type = pos; 384 pos = os_strchr(type, ' '); 385 if (pos == NULL) 386 return -1; 387 *pos++ = '\0'; 388 389 pos2 = os_strchr(pos, ' '); 390 if (pos2 == NULL) 391 return -1; 392 *pos2++ = '\0'; 393 394 len = os_strlen(pos); 395 if (len & 0x01) 396 return -1; 397 len /= 2; 398 399 req = wpabuf_alloc(len); 400 if (req == NULL) 401 return -1; 402 if (hexstr2bin(pos, wpabuf_put(req, len), len) < 0) { 403 wpabuf_free(req); 404 return -1; 405 } 406 407 len = os_strlen(pos2); 408 if (len & 0x01) { 409 wpabuf_free(req); 410 return -1; 411 } 412 len /= 2; 413 414 sel = wpabuf_alloc(len); 415 if (sel == NULL) { 416 wpabuf_free(req); 417 return -1; 418 } 419 if (hexstr2bin(pos2, wpabuf_put(sel, len), len) < 0) { 420 wpabuf_free(req); 421 wpabuf_free(sel); 422 return -1; 423 } 424 425 if (os_strcmp(role, "RESP") == 0 && os_strcmp(type, "WPS") == 0) { 426 ret = hostapd_wps_nfc_report_handover(hapd, req, sel); 427 } else { 428 wpa_printf(MSG_DEBUG, "NFC: Unsupported connection handover " 429 "reported: role=%s type=%s", role, type); 430 ret = -1; 431 } 432 wpabuf_free(req); 433 wpabuf_free(sel); 434 435 return ret; 436 } 437 438 #endif /* CONFIG_WPS_NFC */ 439 440 441 static int hostapd_ctrl_iface_wps_ap_pin(struct hostapd_data *hapd, char *txt, 442 char *buf, size_t buflen) 443 { 444 int timeout = 300; 445 char *pos; 446 const char *pin_txt; 447 448 pos = os_strchr(txt, ' '); 449 if (pos) 450 *pos++ = '\0'; 451 452 if (os_strcmp(txt, "disable") == 0) { 453 hostapd_wps_ap_pin_disable(hapd); 454 return os_snprintf(buf, buflen, "OK\n"); 455 } 456 457 if (os_strcmp(txt, "random") == 0) { 458 if (pos) 459 timeout = atoi(pos); 460 pin_txt = hostapd_wps_ap_pin_random(hapd, timeout); 461 if (pin_txt == NULL) 462 return -1; 463 return os_snprintf(buf, buflen, "%s", pin_txt); 464 } 465 466 if (os_strcmp(txt, "get") == 0) { 467 pin_txt = hostapd_wps_ap_pin_get(hapd); 468 if (pin_txt == NULL) 469 return -1; 470 return os_snprintf(buf, buflen, "%s", pin_txt); 471 } 472 473 if (os_strcmp(txt, "set") == 0) { 474 char *pin; 475 if (pos == NULL) 476 return -1; 477 pin = pos; 478 pos = os_strchr(pos, ' '); 479 if (pos) { 480 *pos++ = '\0'; 481 timeout = atoi(pos); 482 } 483 if (os_strlen(pin) > buflen) 484 return -1; 485 if (hostapd_wps_ap_pin_set(hapd, pin, timeout) < 0) 486 return -1; 487 return os_snprintf(buf, buflen, "%s", pin); 488 } 489 490 return -1; 491 } 492 493 494 static int hostapd_ctrl_iface_wps_config(struct hostapd_data *hapd, char *txt) 495 { 496 char *pos; 497 char *ssid, *auth, *encr = NULL, *key = NULL; 498 499 ssid = txt; 500 pos = os_strchr(txt, ' '); 501 if (!pos) 502 return -1; 503 *pos++ = '\0'; 504 505 auth = pos; 506 pos = os_strchr(pos, ' '); 507 if (pos) { 508 *pos++ = '\0'; 509 encr = pos; 510 pos = os_strchr(pos, ' '); 511 if (pos) { 512 *pos++ = '\0'; 513 key = pos; 514 } 515 } 516 517 return hostapd_wps_config_ap(hapd, ssid, auth, encr, key); 518 } 519 520 521 static const char * pbc_status_str(enum pbc_status status) 522 { 523 switch (status) { 524 case WPS_PBC_STATUS_DISABLE: 525 return "Disabled"; 526 case WPS_PBC_STATUS_ACTIVE: 527 return "Active"; 528 case WPS_PBC_STATUS_TIMEOUT: 529 return "Timed-out"; 530 case WPS_PBC_STATUS_OVERLAP: 531 return "Overlap"; 532 default: 533 return "Unknown"; 534 } 535 } 536 537 538 static int hostapd_ctrl_iface_wps_get_status(struct hostapd_data *hapd, 539 char *buf, size_t buflen) 540 { 541 int ret; 542 char *pos, *end; 543 544 pos = buf; 545 end = buf + buflen; 546 547 ret = os_snprintf(pos, end - pos, "PBC Status: %s\n", 548 pbc_status_str(hapd->wps_stats.pbc_status)); 549 550 if (os_snprintf_error(end - pos, ret)) 551 return pos - buf; 552 pos += ret; 553 554 ret = os_snprintf(pos, end - pos, "Last WPS result: %s\n", 555 (hapd->wps_stats.status == WPS_STATUS_SUCCESS ? 556 "Success": 557 (hapd->wps_stats.status == WPS_STATUS_FAILURE ? 558 "Failed" : "None"))); 559 560 if (os_snprintf_error(end - pos, ret)) 561 return pos - buf; 562 pos += ret; 563 564 /* If status == Failure - Add possible Reasons */ 565 if(hapd->wps_stats.status == WPS_STATUS_FAILURE && 566 hapd->wps_stats.failure_reason > 0) { 567 ret = os_snprintf(pos, end - pos, 568 "Failure Reason: %s\n", 569 wps_ei_str(hapd->wps_stats.failure_reason)); 570 571 if (os_snprintf_error(end - pos, ret)) 572 return pos - buf; 573 pos += ret; 574 } 575 576 if (hapd->wps_stats.status) { 577 ret = os_snprintf(pos, end - pos, "Peer Address: " MACSTR "\n", 578 MAC2STR(hapd->wps_stats.peer_addr)); 579 580 if (os_snprintf_error(end - pos, ret)) 581 return pos - buf; 582 pos += ret; 583 } 584 585 return pos - buf; 586 } 587 588 #endif /* CONFIG_WPS */ 589 590 #ifdef CONFIG_HS20 591 592 static int hostapd_ctrl_iface_hs20_wnm_notif(struct hostapd_data *hapd, 593 const char *cmd) 594 { 595 u8 addr[ETH_ALEN]; 596 const char *url; 597 598 if (hwaddr_aton(cmd, addr)) 599 return -1; 600 url = cmd + 17; 601 if (*url == '\0') { 602 url = NULL; 603 } else { 604 if (*url != ' ') 605 return -1; 606 url++; 607 if (*url == '\0') 608 url = NULL; 609 } 610 611 return hs20_send_wnm_notification(hapd, addr, 1, url); 612 } 613 614 615 static int hostapd_ctrl_iface_hs20_deauth_req(struct hostapd_data *hapd, 616 const char *cmd) 617 { 618 u8 addr[ETH_ALEN]; 619 int code, reauth_delay, ret; 620 const char *pos; 621 size_t url_len; 622 struct wpabuf *req; 623 624 /* <STA MAC Addr> <Code(0/1)> <Re-auth-Delay(sec)> [URL] */ 625 if (hwaddr_aton(cmd, addr)) 626 return -1; 627 628 pos = os_strchr(cmd, ' '); 629 if (pos == NULL) 630 return -1; 631 pos++; 632 code = atoi(pos); 633 634 pos = os_strchr(pos, ' '); 635 if (pos == NULL) 636 return -1; 637 pos++; 638 reauth_delay = atoi(pos); 639 640 url_len = 0; 641 pos = os_strchr(pos, ' '); 642 if (pos) { 643 pos++; 644 url_len = os_strlen(pos); 645 } 646 647 req = wpabuf_alloc(4 + url_len); 648 if (req == NULL) 649 return -1; 650 wpabuf_put_u8(req, code); 651 wpabuf_put_le16(req, reauth_delay); 652 wpabuf_put_u8(req, url_len); 653 if (pos) 654 wpabuf_put_data(req, pos, url_len); 655 656 wpa_printf(MSG_DEBUG, "HS 2.0: Send WNM-Notification to " MACSTR 657 " to indicate imminent deauthentication (code=%d " 658 "reauth_delay=%d)", MAC2STR(addr), code, reauth_delay); 659 ret = hs20_send_wnm_notification_deauth_req(hapd, addr, req); 660 wpabuf_free(req); 661 return ret; 662 } 663 664 #endif /* CONFIG_HS20 */ 665 666 667 #ifdef CONFIG_INTERWORKING 668 669 static int hostapd_ctrl_iface_set_qos_map_set(struct hostapd_data *hapd, 670 const char *cmd) 671 { 672 u8 qos_map_set[16 + 2 * 21], count = 0; 673 const char *pos = cmd; 674 int val, ret; 675 676 for (;;) { 677 if (count == sizeof(qos_map_set)) { 678 wpa_printf(MSG_ERROR, "Too many qos_map_set parameters"); 679 return -1; 680 } 681 682 val = atoi(pos); 683 if (val < 0 || val > 255) { 684 wpa_printf(MSG_INFO, "Invalid QoS Map Set"); 685 return -1; 686 } 687 688 qos_map_set[count++] = val; 689 pos = os_strchr(pos, ','); 690 if (!pos) 691 break; 692 pos++; 693 } 694 695 if (count < 16 || count & 1) { 696 wpa_printf(MSG_INFO, "Invalid QoS Map Set"); 697 return -1; 698 } 699 700 ret = hostapd_drv_set_qos_map(hapd, qos_map_set, count); 701 if (ret) { 702 wpa_printf(MSG_INFO, "Failed to set QoS Map Set"); 703 return -1; 704 } 705 706 os_memcpy(hapd->conf->qos_map_set, qos_map_set, count); 707 hapd->conf->qos_map_set_len = count; 708 709 return 0; 710 } 711 712 713 static int hostapd_ctrl_iface_send_qos_map_conf(struct hostapd_data *hapd, 714 const char *cmd) 715 { 716 u8 addr[ETH_ALEN]; 717 struct sta_info *sta; 718 struct wpabuf *buf; 719 u8 *qos_map_set = hapd->conf->qos_map_set; 720 u8 qos_map_set_len = hapd->conf->qos_map_set_len; 721 int ret; 722 723 if (!qos_map_set_len) { 724 wpa_printf(MSG_INFO, "QoS Map Set is not set"); 725 return -1; 726 } 727 728 if (hwaddr_aton(cmd, addr)) 729 return -1; 730 731 sta = ap_get_sta(hapd, addr); 732 if (sta == NULL) { 733 wpa_printf(MSG_DEBUG, "Station " MACSTR " not found " 734 "for QoS Map Configuration message", 735 MAC2STR(addr)); 736 return -1; 737 } 738 739 if (!sta->qos_map_enabled) { 740 wpa_printf(MSG_DEBUG, "Station " MACSTR " did not indicate " 741 "support for QoS Map", MAC2STR(addr)); 742 return -1; 743 } 744 745 buf = wpabuf_alloc(2 + 2 + qos_map_set_len); 746 if (buf == NULL) 747 return -1; 748 749 wpabuf_put_u8(buf, WLAN_ACTION_QOS); 750 wpabuf_put_u8(buf, QOS_QOS_MAP_CONFIG); 751 752 /* QoS Map Set Element */ 753 wpabuf_put_u8(buf, WLAN_EID_QOS_MAP_SET); 754 wpabuf_put_u8(buf, qos_map_set_len); 755 wpabuf_put_data(buf, qos_map_set, qos_map_set_len); 756 757 ret = hostapd_drv_send_action(hapd, hapd->iface->freq, 0, addr, 758 wpabuf_head(buf), wpabuf_len(buf)); 759 wpabuf_free(buf); 760 761 return ret; 762 } 763 764 #endif /* CONFIG_INTERWORKING */ 765 766 767 #ifdef CONFIG_WNM_AP 768 769 static int hostapd_ctrl_iface_disassoc_imminent(struct hostapd_data *hapd, 770 const char *cmd) 771 { 772 u8 addr[ETH_ALEN]; 773 int disassoc_timer; 774 struct sta_info *sta; 775 776 if (hwaddr_aton(cmd, addr)) 777 return -1; 778 if (cmd[17] != ' ') 779 return -1; 780 disassoc_timer = atoi(cmd + 17); 781 782 sta = ap_get_sta(hapd, addr); 783 if (sta == NULL) { 784 wpa_printf(MSG_DEBUG, "Station " MACSTR 785 " not found for disassociation imminent message", 786 MAC2STR(addr)); 787 return -1; 788 } 789 790 return wnm_send_disassoc_imminent(hapd, sta, disassoc_timer); 791 } 792 793 794 static int hostapd_ctrl_iface_ess_disassoc(struct hostapd_data *hapd, 795 const char *cmd) 796 { 797 u8 addr[ETH_ALEN]; 798 const char *url, *timerstr; 799 int disassoc_timer; 800 struct sta_info *sta; 801 802 if (hwaddr_aton(cmd, addr)) 803 return -1; 804 805 sta = ap_get_sta(hapd, addr); 806 if (sta == NULL) { 807 wpa_printf(MSG_DEBUG, "Station " MACSTR 808 " not found for ESS disassociation imminent message", 809 MAC2STR(addr)); 810 return -1; 811 } 812 813 timerstr = cmd + 17; 814 if (*timerstr != ' ') 815 return -1; 816 timerstr++; 817 disassoc_timer = atoi(timerstr); 818 if (disassoc_timer < 0 || disassoc_timer > 65535) 819 return -1; 820 821 url = os_strchr(timerstr, ' '); 822 if (url == NULL) 823 return -1; 824 url++; 825 826 return wnm_send_ess_disassoc_imminent(hapd, sta, url, disassoc_timer); 827 } 828 829 830 static int hostapd_ctrl_iface_bss_tm_req(struct hostapd_data *hapd, 831 const char *cmd) 832 { 833 u8 addr[ETH_ALEN]; 834 const char *pos, *end; 835 int disassoc_timer = 0; 836 struct sta_info *sta; 837 u8 req_mode = 0, valid_int = 0x01; 838 u8 bss_term_dur[12]; 839 char *url = NULL; 840 int ret; 841 u8 nei_rep[1000]; 842 int nei_len; 843 u8 mbo[10]; 844 size_t mbo_len = 0; 845 846 if (hwaddr_aton(cmd, addr)) { 847 wpa_printf(MSG_DEBUG, "Invalid STA MAC address"); 848 return -1; 849 } 850 851 sta = ap_get_sta(hapd, addr); 852 if (sta == NULL) { 853 wpa_printf(MSG_DEBUG, "Station " MACSTR 854 " not found for BSS TM Request message", 855 MAC2STR(addr)); 856 return -1; 857 } 858 859 pos = os_strstr(cmd, " disassoc_timer="); 860 if (pos) { 861 pos += 16; 862 disassoc_timer = atoi(pos); 863 if (disassoc_timer < 0 || disassoc_timer > 65535) { 864 wpa_printf(MSG_DEBUG, "Invalid disassoc_timer"); 865 return -1; 866 } 867 } 868 869 pos = os_strstr(cmd, " valid_int="); 870 if (pos) { 871 pos += 11; 872 valid_int = atoi(pos); 873 } 874 875 pos = os_strstr(cmd, " bss_term="); 876 if (pos) { 877 pos += 10; 878 req_mode |= WNM_BSS_TM_REQ_BSS_TERMINATION_INCLUDED; 879 /* TODO: TSF configurable/learnable */ 880 bss_term_dur[0] = 4; /* Subelement ID */ 881 bss_term_dur[1] = 10; /* Length */ 882 os_memset(bss_term_dur, 2, 8); 883 end = os_strchr(pos, ','); 884 if (end == NULL) { 885 wpa_printf(MSG_DEBUG, "Invalid bss_term data"); 886 return -1; 887 } 888 end++; 889 WPA_PUT_LE16(&bss_term_dur[10], atoi(end)); 890 } 891 892 nei_len = ieee802_11_parse_candidate_list(cmd, nei_rep, 893 sizeof(nei_rep)); 894 if (nei_len < 0) 895 return -1; 896 897 pos = os_strstr(cmd, " url="); 898 if (pos) { 899 size_t len; 900 pos += 5; 901 end = os_strchr(pos, ' '); 902 if (end) 903 len = end - pos; 904 else 905 len = os_strlen(pos); 906 url = os_malloc(len + 1); 907 if (url == NULL) 908 return -1; 909 os_memcpy(url, pos, len); 910 url[len] = '\0'; 911 req_mode |= WNM_BSS_TM_REQ_ESS_DISASSOC_IMMINENT; 912 } 913 914 if (os_strstr(cmd, " pref=1")) 915 req_mode |= WNM_BSS_TM_REQ_PREF_CAND_LIST_INCLUDED; 916 if (os_strstr(cmd, " abridged=1")) 917 req_mode |= WNM_BSS_TM_REQ_ABRIDGED; 918 if (os_strstr(cmd, " disassoc_imminent=1")) 919 req_mode |= WNM_BSS_TM_REQ_DISASSOC_IMMINENT; 920 921 #ifdef CONFIG_MBO 922 pos = os_strstr(cmd, "mbo="); 923 if (pos) { 924 unsigned int mbo_reason, cell_pref, reassoc_delay; 925 u8 *mbo_pos = mbo; 926 927 ret = sscanf(pos, "mbo=%u:%u:%u", &mbo_reason, 928 &reassoc_delay, &cell_pref); 929 if (ret != 3) { 930 wpa_printf(MSG_DEBUG, 931 "MBO requires three arguments: mbo=<reason>:<reassoc_delay>:<cell_pref>"); 932 ret = -1; 933 goto fail; 934 } 935 936 if (mbo_reason > MBO_TRANSITION_REASON_PREMIUM_AP) { 937 wpa_printf(MSG_DEBUG, 938 "Invalid MBO transition reason code %u", 939 mbo_reason); 940 ret = -1; 941 goto fail; 942 } 943 944 /* Valid values for Cellular preference are: 0, 1, 255 */ 945 if (cell_pref != 0 && cell_pref != 1 && cell_pref != 255) { 946 wpa_printf(MSG_DEBUG, 947 "Invalid MBO cellular capability %u", 948 cell_pref); 949 ret = -1; 950 goto fail; 951 } 952 953 if (reassoc_delay > 65535 || 954 (reassoc_delay && 955 !(req_mode & WNM_BSS_TM_REQ_DISASSOC_IMMINENT))) { 956 wpa_printf(MSG_DEBUG, 957 "MBO: Assoc retry delay is only valid in disassoc imminent mode"); 958 ret = -1; 959 goto fail; 960 } 961 962 *mbo_pos++ = MBO_ATTR_ID_TRANSITION_REASON; 963 *mbo_pos++ = 1; 964 *mbo_pos++ = mbo_reason; 965 *mbo_pos++ = MBO_ATTR_ID_CELL_DATA_PREF; 966 *mbo_pos++ = 1; 967 *mbo_pos++ = cell_pref; 968 969 if (reassoc_delay) { 970 *mbo_pos++ = MBO_ATTR_ID_ASSOC_RETRY_DELAY; 971 *mbo_pos++ = 2; 972 WPA_PUT_LE16(mbo_pos, reassoc_delay); 973 mbo_pos += 2; 974 } 975 976 mbo_len = mbo_pos - mbo; 977 } 978 #endif /* CONFIG_MBO */ 979 980 ret = wnm_send_bss_tm_req(hapd, sta, req_mode, disassoc_timer, 981 valid_int, bss_term_dur, url, 982 nei_len ? nei_rep : NULL, nei_len, 983 mbo_len ? mbo : NULL, mbo_len); 984 #ifdef CONFIG_MBO 985 fail: 986 #endif /* CONFIG_MBO */ 987 os_free(url); 988 return ret; 989 } 990 991 #endif /* CONFIG_WNM_AP */ 992 993 994 static int hostapd_ctrl_iface_get_key_mgmt(struct hostapd_data *hapd, 995 char *buf, size_t buflen) 996 { 997 int ret = 0; 998 char *pos, *end; 999 1000 pos = buf; 1001 end = buf + buflen; 1002 1003 WPA_ASSERT(hapd->conf->wpa_key_mgmt); 1004 1005 if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) { 1006 ret = os_snprintf(pos, end - pos, "WPA-PSK "); 1007 if (os_snprintf_error(end - pos, ret)) 1008 return pos - buf; 1009 pos += ret; 1010 } 1011 if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) { 1012 ret = os_snprintf(pos, end - pos, "WPA-EAP "); 1013 if (os_snprintf_error(end - pos, ret)) 1014 return pos - buf; 1015 pos += ret; 1016 } 1017 #ifdef CONFIG_IEEE80211R_AP 1018 if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_PSK) { 1019 ret = os_snprintf(pos, end - pos, "FT-PSK "); 1020 if (os_snprintf_error(end - pos, ret)) 1021 return pos - buf; 1022 pos += ret; 1023 } 1024 if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) { 1025 ret = os_snprintf(pos, end - pos, "FT-EAP "); 1026 if (os_snprintf_error(end - pos, ret)) 1027 return pos - buf; 1028 pos += ret; 1029 } 1030 #ifdef CONFIG_SAE 1031 if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_SAE) { 1032 ret = os_snprintf(pos, end - pos, "FT-SAE "); 1033 if (os_snprintf_error(end - pos, ret)) 1034 return pos - buf; 1035 pos += ret; 1036 } 1037 #endif /* CONFIG_SAE */ 1038 #ifdef CONFIG_FILS 1039 if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256) { 1040 ret = os_snprintf(pos, end - pos, "FT-FILS-SHA256 "); 1041 if (os_snprintf_error(end - pos, ret)) 1042 return pos - buf; 1043 pos += ret; 1044 } 1045 if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384) { 1046 ret = os_snprintf(pos, end - pos, "FT-FILS-SHA384 "); 1047 if (os_snprintf_error(end - pos, ret)) 1048 return pos - buf; 1049 pos += ret; 1050 } 1051 #endif /* CONFIG_FILS */ 1052 #endif /* CONFIG_IEEE80211R_AP */ 1053 #ifdef CONFIG_IEEE80211W 1054 if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK_SHA256) { 1055 ret = os_snprintf(pos, end - pos, "WPA-PSK-SHA256 "); 1056 if (os_snprintf_error(end - pos, ret)) 1057 return pos - buf; 1058 pos += ret; 1059 } 1060 if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) { 1061 ret = os_snprintf(pos, end - pos, "WPA-EAP-SHA256 "); 1062 if (os_snprintf_error(end - pos, ret)) 1063 return pos - buf; 1064 pos += ret; 1065 } 1066 #endif /* CONFIG_IEEE80211W */ 1067 #ifdef CONFIG_SAE 1068 if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_SAE) { 1069 ret = os_snprintf(pos, end - pos, "SAE "); 1070 if (os_snprintf_error(end - pos, ret)) 1071 return pos - buf; 1072 pos += ret; 1073 } 1074 #endif /* CONFIG_SAE */ 1075 if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) { 1076 ret = os_snprintf(pos, end - pos, "WPA-EAP-SUITE-B "); 1077 if (os_snprintf_error(end - pos, ret)) 1078 return pos - buf; 1079 pos += ret; 1080 } 1081 if (hapd->conf->wpa_key_mgmt & 1082 WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) { 1083 ret = os_snprintf(pos, end - pos, 1084 "WPA-EAP-SUITE-B-192 "); 1085 if (os_snprintf_error(end - pos, ret)) 1086 return pos - buf; 1087 pos += ret; 1088 } 1089 #ifdef CONFIG_FILS 1090 if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FILS_SHA256) { 1091 ret = os_snprintf(pos, end - pos, "FILS-SHA256 "); 1092 if (os_snprintf_error(end - pos, ret)) 1093 return pos - buf; 1094 pos += ret; 1095 } 1096 if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FILS_SHA384) { 1097 ret = os_snprintf(pos, end - pos, "FILS-SHA384 "); 1098 if (os_snprintf_error(end - pos, ret)) 1099 return pos - buf; 1100 pos += ret; 1101 } 1102 #endif /* CONFIG_FILS */ 1103 1104 #ifdef CONFIG_OWE 1105 if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) { 1106 ret = os_snprintf(pos, end - pos, "OWE "); 1107 if (os_snprintf_error(end - pos, ret)) 1108 return pos - buf; 1109 pos += ret; 1110 } 1111 #endif /* CONFIG_OWE */ 1112 1113 #ifdef CONFIG_DPP 1114 if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_DPP) { 1115 ret = os_snprintf(pos, end - pos, "DPP "); 1116 if (os_snprintf_error(end - pos, ret)) 1117 return pos - buf; 1118 pos += ret; 1119 } 1120 #endif /* CONFIG_DPP */ 1121 1122 if (pos > buf && *(pos - 1) == ' ') { 1123 *(pos - 1) = '\0'; 1124 pos--; 1125 } 1126 1127 return pos - buf; 1128 } 1129 1130 1131 static int hostapd_ctrl_iface_get_config(struct hostapd_data *hapd, 1132 char *buf, size_t buflen) 1133 { 1134 int ret; 1135 char *pos, *end; 1136 1137 pos = buf; 1138 end = buf + buflen; 1139 1140 ret = os_snprintf(pos, end - pos, "bssid=" MACSTR "\n" 1141 "ssid=%s\n", 1142 MAC2STR(hapd->own_addr), 1143 wpa_ssid_txt(hapd->conf->ssid.ssid, 1144 hapd->conf->ssid.ssid_len)); 1145 if (os_snprintf_error(end - pos, ret)) 1146 return pos - buf; 1147 pos += ret; 1148 1149 #ifdef CONFIG_WPS 1150 ret = os_snprintf(pos, end - pos, "wps_state=%s\n", 1151 hapd->conf->wps_state == 0 ? "disabled" : 1152 (hapd->conf->wps_state == 1 ? "not configured" : 1153 "configured")); 1154 if (os_snprintf_error(end - pos, ret)) 1155 return pos - buf; 1156 pos += ret; 1157 1158 if (hapd->conf->wps_state && hapd->conf->wpa && 1159 hapd->conf->ssid.wpa_passphrase) { 1160 ret = os_snprintf(pos, end - pos, "passphrase=%s\n", 1161 hapd->conf->ssid.wpa_passphrase); 1162 if (os_snprintf_error(end - pos, ret)) 1163 return pos - buf; 1164 pos += ret; 1165 } 1166 1167 if (hapd->conf->wps_state && hapd->conf->wpa && 1168 hapd->conf->ssid.wpa_psk && 1169 hapd->conf->ssid.wpa_psk->group) { 1170 char hex[PMK_LEN * 2 + 1]; 1171 wpa_snprintf_hex(hex, sizeof(hex), 1172 hapd->conf->ssid.wpa_psk->psk, PMK_LEN); 1173 ret = os_snprintf(pos, end - pos, "psk=%s\n", hex); 1174 if (os_snprintf_error(end - pos, ret)) 1175 return pos - buf; 1176 pos += ret; 1177 } 1178 #endif /* CONFIG_WPS */ 1179 1180 if (hapd->conf->wpa) { 1181 ret = os_snprintf(pos, end - pos, "wpa=%d\n", hapd->conf->wpa); 1182 if (os_snprintf_error(end - pos, ret)) 1183 return pos - buf; 1184 pos += ret; 1185 } 1186 1187 if (hapd->conf->wpa && hapd->conf->wpa_key_mgmt) { 1188 ret = os_snprintf(pos, end - pos, "key_mgmt="); 1189 if (os_snprintf_error(end - pos, ret)) 1190 return pos - buf; 1191 pos += ret; 1192 1193 pos += hostapd_ctrl_iface_get_key_mgmt(hapd, pos, end - pos); 1194 1195 ret = os_snprintf(pos, end - pos, "\n"); 1196 if (os_snprintf_error(end - pos, ret)) 1197 return pos - buf; 1198 pos += ret; 1199 } 1200 1201 if (hapd->conf->wpa) { 1202 ret = os_snprintf(pos, end - pos, "group_cipher=%s\n", 1203 wpa_cipher_txt(hapd->conf->wpa_group)); 1204 if (os_snprintf_error(end - pos, ret)) 1205 return pos - buf; 1206 pos += ret; 1207 } 1208 1209 if ((hapd->conf->wpa & WPA_PROTO_RSN) && hapd->conf->rsn_pairwise) { 1210 ret = os_snprintf(pos, end - pos, "rsn_pairwise_cipher="); 1211 if (os_snprintf_error(end - pos, ret)) 1212 return pos - buf; 1213 pos += ret; 1214 1215 ret = wpa_write_ciphers(pos, end, hapd->conf->rsn_pairwise, 1216 " "); 1217 if (ret < 0) 1218 return pos - buf; 1219 pos += ret; 1220 1221 ret = os_snprintf(pos, end - pos, "\n"); 1222 if (os_snprintf_error(end - pos, ret)) 1223 return pos - buf; 1224 pos += ret; 1225 } 1226 1227 if ((hapd->conf->wpa & WPA_PROTO_WPA) && hapd->conf->wpa_pairwise) { 1228 ret = os_snprintf(pos, end - pos, "wpa_pairwise_cipher="); 1229 if (os_snprintf_error(end - pos, ret)) 1230 return pos - buf; 1231 pos += ret; 1232 1233 ret = wpa_write_ciphers(pos, end, hapd->conf->wpa_pairwise, 1234 " "); 1235 if (ret < 0) 1236 return pos - buf; 1237 pos += ret; 1238 1239 ret = os_snprintf(pos, end - pos, "\n"); 1240 if (os_snprintf_error(end - pos, ret)) 1241 return pos - buf; 1242 pos += ret; 1243 } 1244 1245 return pos - buf; 1246 } 1247 1248 1249 static int hostapd_ctrl_iface_set(struct hostapd_data *hapd, char *cmd) 1250 { 1251 char *value; 1252 int ret = 0; 1253 1254 value = os_strchr(cmd, ' '); 1255 if (value == NULL) 1256 return -1; 1257 *value++ = '\0'; 1258 1259 wpa_printf(MSG_DEBUG, "CTRL_IFACE SET '%s'='%s'", cmd, value); 1260 if (0) { 1261 #ifdef CONFIG_WPS_TESTING 1262 } else if (os_strcasecmp(cmd, "wps_version_number") == 0) { 1263 long int val; 1264 val = strtol(value, NULL, 0); 1265 if (val < 0 || val > 0xff) { 1266 ret = -1; 1267 wpa_printf(MSG_DEBUG, "WPS: Invalid " 1268 "wps_version_number %ld", val); 1269 } else { 1270 wps_version_number = val; 1271 wpa_printf(MSG_DEBUG, "WPS: Testing - force WPS " 1272 "version %u.%u", 1273 (wps_version_number & 0xf0) >> 4, 1274 wps_version_number & 0x0f); 1275 hostapd_wps_update_ie(hapd); 1276 } 1277 } else if (os_strcasecmp(cmd, "wps_testing_dummy_cred") == 0) { 1278 wps_testing_dummy_cred = atoi(value); 1279 wpa_printf(MSG_DEBUG, "WPS: Testing - dummy_cred=%d", 1280 wps_testing_dummy_cred); 1281 } else if (os_strcasecmp(cmd, "wps_corrupt_pkhash") == 0) { 1282 wps_corrupt_pkhash = atoi(value); 1283 wpa_printf(MSG_DEBUG, "WPS: Testing - wps_corrupt_pkhash=%d", 1284 wps_corrupt_pkhash); 1285 #endif /* CONFIG_WPS_TESTING */ 1286 #ifdef CONFIG_TESTING_OPTIONS 1287 } else if (os_strcasecmp(cmd, "ext_mgmt_frame_handling") == 0) { 1288 hapd->ext_mgmt_frame_handling = atoi(value); 1289 } else if (os_strcasecmp(cmd, "ext_eapol_frame_io") == 0) { 1290 hapd->ext_eapol_frame_io = atoi(value); 1291 #ifdef CONFIG_DPP 1292 } else if (os_strcasecmp(cmd, "dpp_config_obj_override") == 0) { 1293 os_free(hapd->dpp_config_obj_override); 1294 hapd->dpp_config_obj_override = os_strdup(value); 1295 } else if (os_strcasecmp(cmd, "dpp_discovery_override") == 0) { 1296 os_free(hapd->dpp_discovery_override); 1297 hapd->dpp_discovery_override = os_strdup(value); 1298 } else if (os_strcasecmp(cmd, "dpp_groups_override") == 0) { 1299 os_free(hapd->dpp_groups_override); 1300 hapd->dpp_groups_override = os_strdup(value); 1301 } else if (os_strcasecmp(cmd, 1302 "dpp_ignore_netaccesskey_mismatch") == 0) { 1303 hapd->dpp_ignore_netaccesskey_mismatch = atoi(value); 1304 #endif /* CONFIG_DPP */ 1305 #endif /* CONFIG_TESTING_OPTIONS */ 1306 #ifdef CONFIG_MBO 1307 } else if (os_strcasecmp(cmd, "mbo_assoc_disallow") == 0) { 1308 int val; 1309 1310 if (!hapd->conf->mbo_enabled) 1311 return -1; 1312 1313 val = atoi(value); 1314 if (val < 0 || val > 1) 1315 return -1; 1316 1317 hapd->mbo_assoc_disallow = val; 1318 ieee802_11_update_beacons(hapd->iface); 1319 1320 /* 1321 * TODO: Need to configure drivers that do AP MLME offload with 1322 * disallowing station logic. 1323 */ 1324 #endif /* CONFIG_MBO */ 1325 #ifdef CONFIG_DPP 1326 } else if (os_strcasecmp(cmd, "dpp_configurator_params") == 0) { 1327 os_free(hapd->dpp_configurator_params); 1328 hapd->dpp_configurator_params = os_strdup(value); 1329 #endif /* CONFIG_DPP */ 1330 } else { 1331 struct sta_info *sta; 1332 struct vlan_description vlan_id; 1333 1334 ret = hostapd_set_iface(hapd->iconf, hapd->conf, cmd, value); 1335 if (ret) 1336 return ret; 1337 1338 if (os_strcasecmp(cmd, "deny_mac_file") == 0) { 1339 for (sta = hapd->sta_list; sta; sta = sta->next) { 1340 if (hostapd_maclist_found( 1341 hapd->conf->deny_mac, 1342 hapd->conf->num_deny_mac, sta->addr, 1343 &vlan_id) && 1344 (!vlan_id.notempty || 1345 !vlan_compare(&vlan_id, sta->vlan_desc))) 1346 ap_sta_disconnect( 1347 hapd, sta, sta->addr, 1348 WLAN_REASON_UNSPECIFIED); 1349 } 1350 } else if (hapd->conf->macaddr_acl == DENY_UNLESS_ACCEPTED && 1351 os_strcasecmp(cmd, "accept_mac_file") == 0) { 1352 for (sta = hapd->sta_list; sta; sta = sta->next) { 1353 if (!hostapd_maclist_found( 1354 hapd->conf->accept_mac, 1355 hapd->conf->num_accept_mac, 1356 sta->addr, &vlan_id) || 1357 (vlan_id.notempty && 1358 vlan_compare(&vlan_id, sta->vlan_desc))) 1359 ap_sta_disconnect( 1360 hapd, sta, sta->addr, 1361 WLAN_REASON_UNSPECIFIED); 1362 } 1363 } 1364 } 1365 1366 return ret; 1367 } 1368 1369 1370 static int hostapd_ctrl_iface_get(struct hostapd_data *hapd, char *cmd, 1371 char *buf, size_t buflen) 1372 { 1373 int res; 1374 1375 wpa_printf(MSG_DEBUG, "CTRL_IFACE GET '%s'", cmd); 1376 1377 if (os_strcmp(cmd, "version") == 0) { 1378 res = os_snprintf(buf, buflen, "%s", VERSION_STR); 1379 if (os_snprintf_error(buflen, res)) 1380 return -1; 1381 return res; 1382 } else if (os_strcmp(cmd, "tls_library") == 0) { 1383 res = tls_get_library_version(buf, buflen); 1384 if (os_snprintf_error(buflen, res)) 1385 return -1; 1386 return res; 1387 } 1388 1389 return -1; 1390 } 1391 1392 1393 static int hostapd_ctrl_iface_enable(struct hostapd_iface *iface) 1394 { 1395 if (hostapd_enable_iface(iface) < 0) { 1396 wpa_printf(MSG_ERROR, "Enabling of interface failed"); 1397 return -1; 1398 } 1399 return 0; 1400 } 1401 1402 1403 static int hostapd_ctrl_iface_reload(struct hostapd_iface *iface) 1404 { 1405 if (hostapd_reload_iface(iface) < 0) { 1406 wpa_printf(MSG_ERROR, "Reloading of interface failed"); 1407 return -1; 1408 } 1409 return 0; 1410 } 1411 1412 1413 static int hostapd_ctrl_iface_disable(struct hostapd_iface *iface) 1414 { 1415 if (hostapd_disable_iface(iface) < 0) { 1416 wpa_printf(MSG_ERROR, "Disabling of interface failed"); 1417 return -1; 1418 } 1419 return 0; 1420 } 1421 1422 1423 #ifdef CONFIG_TESTING_OPTIONS 1424 1425 static int hostapd_ctrl_iface_radar(struct hostapd_data *hapd, char *cmd) 1426 { 1427 union wpa_event_data data; 1428 char *pos, *param; 1429 enum wpa_event_type event; 1430 1431 wpa_printf(MSG_DEBUG, "RADAR TEST: %s", cmd); 1432 1433 os_memset(&data, 0, sizeof(data)); 1434 1435 param = os_strchr(cmd, ' '); 1436 if (param == NULL) 1437 return -1; 1438 *param++ = '\0'; 1439 1440 if (os_strcmp(cmd, "DETECTED") == 0) 1441 event = EVENT_DFS_RADAR_DETECTED; 1442 else if (os_strcmp(cmd, "CAC-FINISHED") == 0) 1443 event = EVENT_DFS_CAC_FINISHED; 1444 else if (os_strcmp(cmd, "CAC-ABORTED") == 0) 1445 event = EVENT_DFS_CAC_ABORTED; 1446 else if (os_strcmp(cmd, "NOP-FINISHED") == 0) 1447 event = EVENT_DFS_NOP_FINISHED; 1448 else { 1449 wpa_printf(MSG_DEBUG, "Unsupported RADAR test command: %s", 1450 cmd); 1451 return -1; 1452 } 1453 1454 pos = os_strstr(param, "freq="); 1455 if (pos) 1456 data.dfs_event.freq = atoi(pos + 5); 1457 1458 pos = os_strstr(param, "ht_enabled=1"); 1459 if (pos) 1460 data.dfs_event.ht_enabled = 1; 1461 1462 pos = os_strstr(param, "chan_offset="); 1463 if (pos) 1464 data.dfs_event.chan_offset = atoi(pos + 12); 1465 1466 pos = os_strstr(param, "chan_width="); 1467 if (pos) 1468 data.dfs_event.chan_width = atoi(pos + 11); 1469 1470 pos = os_strstr(param, "cf1="); 1471 if (pos) 1472 data.dfs_event.cf1 = atoi(pos + 4); 1473 1474 pos = os_strstr(param, "cf2="); 1475 if (pos) 1476 data.dfs_event.cf2 = atoi(pos + 4); 1477 1478 wpa_supplicant_event(hapd, event, &data); 1479 1480 return 0; 1481 } 1482 1483 1484 static int hostapd_ctrl_iface_mgmt_tx(struct hostapd_data *hapd, char *cmd) 1485 { 1486 size_t len; 1487 u8 *buf; 1488 int res; 1489 1490 wpa_printf(MSG_DEBUG, "External MGMT TX: %s", cmd); 1491 1492 len = os_strlen(cmd); 1493 if (len & 1) 1494 return -1; 1495 len /= 2; 1496 1497 buf = os_malloc(len); 1498 if (buf == NULL) 1499 return -1; 1500 1501 if (hexstr2bin(cmd, buf, len) < 0) { 1502 os_free(buf); 1503 return -1; 1504 } 1505 1506 res = hostapd_drv_send_mlme(hapd, buf, len, 0); 1507 os_free(buf); 1508 return res; 1509 } 1510 1511 1512 static int hostapd_ctrl_iface_mgmt_tx_status_process(struct hostapd_data *hapd, 1513 char *cmd) 1514 { 1515 char *pos, *param; 1516 size_t len; 1517 u8 *buf; 1518 int stype = 0, ok = 0; 1519 union wpa_event_data event; 1520 1521 if (!hapd->ext_mgmt_frame_handling) 1522 return -1; 1523 1524 /* stype=<val> ok=<0/1> buf=<frame hexdump> */ 1525 1526 wpa_printf(MSG_DEBUG, "External MGMT TX status process: %s", cmd); 1527 1528 pos = cmd; 1529 param = os_strstr(pos, "stype="); 1530 if (param) { 1531 param += 6; 1532 stype = atoi(param); 1533 } 1534 1535 param = os_strstr(pos, " ok="); 1536 if (param) { 1537 param += 4; 1538 ok = atoi(param); 1539 } 1540 1541 param = os_strstr(pos, " buf="); 1542 if (!param) 1543 return -1; 1544 param += 5; 1545 1546 len = os_strlen(param); 1547 if (len & 1) 1548 return -1; 1549 len /= 2; 1550 1551 buf = os_malloc(len); 1552 if (!buf || hexstr2bin(param, buf, len) < 0) { 1553 os_free(buf); 1554 return -1; 1555 } 1556 1557 os_memset(&event, 0, sizeof(event)); 1558 event.tx_status.type = WLAN_FC_TYPE_MGMT; 1559 event.tx_status.data = buf; 1560 event.tx_status.data_len = len; 1561 event.tx_status.stype = stype; 1562 event.tx_status.ack = ok; 1563 hapd->ext_mgmt_frame_handling = 0; 1564 wpa_supplicant_event(hapd, EVENT_TX_STATUS, &event); 1565 hapd->ext_mgmt_frame_handling = 1; 1566 1567 os_free(buf); 1568 1569 return 0; 1570 } 1571 1572 1573 static int hostapd_ctrl_iface_mgmt_rx_process(struct hostapd_data *hapd, 1574 char *cmd) 1575 { 1576 char *pos, *param; 1577 size_t len; 1578 u8 *buf; 1579 int freq = 0, datarate = 0, ssi_signal = 0; 1580 union wpa_event_data event; 1581 1582 if (!hapd->ext_mgmt_frame_handling) 1583 return -1; 1584 1585 /* freq=<MHz> datarate=<val> ssi_signal=<val> frame=<frame hexdump> */ 1586 1587 wpa_printf(MSG_DEBUG, "External MGMT RX process: %s", cmd); 1588 1589 pos = cmd; 1590 param = os_strstr(pos, "freq="); 1591 if (param) { 1592 param += 5; 1593 freq = atoi(param); 1594 } 1595 1596 param = os_strstr(pos, " datarate="); 1597 if (param) { 1598 param += 10; 1599 datarate = atoi(param); 1600 } 1601 1602 param = os_strstr(pos, " ssi_signal="); 1603 if (param) { 1604 param += 12; 1605 ssi_signal = atoi(param); 1606 } 1607 1608 param = os_strstr(pos, " frame="); 1609 if (param == NULL) 1610 return -1; 1611 param += 7; 1612 1613 len = os_strlen(param); 1614 if (len & 1) 1615 return -1; 1616 len /= 2; 1617 1618 buf = os_malloc(len); 1619 if (buf == NULL) 1620 return -1; 1621 1622 if (hexstr2bin(param, buf, len) < 0) { 1623 os_free(buf); 1624 return -1; 1625 } 1626 1627 os_memset(&event, 0, sizeof(event)); 1628 event.rx_mgmt.freq = freq; 1629 event.rx_mgmt.frame = buf; 1630 event.rx_mgmt.frame_len = len; 1631 event.rx_mgmt.ssi_signal = ssi_signal; 1632 event.rx_mgmt.datarate = datarate; 1633 hapd->ext_mgmt_frame_handling = 0; 1634 wpa_supplicant_event(hapd, EVENT_RX_MGMT, &event); 1635 hapd->ext_mgmt_frame_handling = 1; 1636 1637 os_free(buf); 1638 1639 return 0; 1640 } 1641 1642 1643 static int hostapd_ctrl_iface_eapol_rx(struct hostapd_data *hapd, char *cmd) 1644 { 1645 char *pos; 1646 u8 src[ETH_ALEN], *buf; 1647 int used; 1648 size_t len; 1649 1650 wpa_printf(MSG_DEBUG, "External EAPOL RX: %s", cmd); 1651 1652 pos = cmd; 1653 used = hwaddr_aton2(pos, src); 1654 if (used < 0) 1655 return -1; 1656 pos += used; 1657 while (*pos == ' ') 1658 pos++; 1659 1660 len = os_strlen(pos); 1661 if (len & 1) 1662 return -1; 1663 len /= 2; 1664 1665 buf = os_malloc(len); 1666 if (buf == NULL) 1667 return -1; 1668 1669 if (hexstr2bin(pos, buf, len) < 0) { 1670 os_free(buf); 1671 return -1; 1672 } 1673 1674 ieee802_1x_receive(hapd, src, buf, len); 1675 os_free(buf); 1676 1677 return 0; 1678 } 1679 1680 1681 static u16 ipv4_hdr_checksum(const void *buf, size_t len) 1682 { 1683 size_t i; 1684 u32 sum = 0; 1685 const u16 *pos = buf; 1686 1687 for (i = 0; i < len / 2; i++) 1688 sum += *pos++; 1689 1690 while (sum >> 16) 1691 sum = (sum & 0xffff) + (sum >> 16); 1692 1693 return sum ^ 0xffff; 1694 } 1695 1696 1697 #define HWSIM_PACKETLEN 1500 1698 #define HWSIM_IP_LEN (HWSIM_PACKETLEN - sizeof(struct ether_header)) 1699 1700 static void hostapd_data_test_rx(void *ctx, const u8 *src_addr, const u8 *buf, 1701 size_t len) 1702 { 1703 struct hostapd_data *hapd = ctx; 1704 const struct ether_header *eth; 1705 struct iphdr ip; 1706 const u8 *pos; 1707 unsigned int i; 1708 1709 if (len != HWSIM_PACKETLEN) 1710 return; 1711 1712 eth = (const struct ether_header *) buf; 1713 os_memcpy(&ip, eth + 1, sizeof(ip)); 1714 pos = &buf[sizeof(*eth) + sizeof(ip)]; 1715 1716 if (ip.ihl != 5 || ip.version != 4 || 1717 ntohs(ip.tot_len) != HWSIM_IP_LEN) 1718 return; 1719 1720 for (i = 0; i < HWSIM_IP_LEN - sizeof(ip); i++) { 1721 if (*pos != (u8) i) 1722 return; 1723 pos++; 1724 } 1725 1726 wpa_msg(hapd->msg_ctx, MSG_INFO, "DATA-TEST-RX " MACSTR " " MACSTR, 1727 MAC2STR(eth->ether_dhost), MAC2STR(eth->ether_shost)); 1728 } 1729 1730 1731 static int hostapd_ctrl_iface_data_test_config(struct hostapd_data *hapd, 1732 char *cmd) 1733 { 1734 int enabled = atoi(cmd); 1735 char *pos; 1736 const char *ifname; 1737 1738 if (!enabled) { 1739 if (hapd->l2_test) { 1740 l2_packet_deinit(hapd->l2_test); 1741 hapd->l2_test = NULL; 1742 wpa_dbg(hapd->msg_ctx, MSG_DEBUG, 1743 "test data: Disabled"); 1744 } 1745 return 0; 1746 } 1747 1748 if (hapd->l2_test) 1749 return 0; 1750 1751 pos = os_strstr(cmd, " ifname="); 1752 if (pos) 1753 ifname = pos + 8; 1754 else 1755 ifname = hapd->conf->iface; 1756 1757 hapd->l2_test = l2_packet_init(ifname, hapd->own_addr, 1758 ETHERTYPE_IP, hostapd_data_test_rx, 1759 hapd, 1); 1760 if (hapd->l2_test == NULL) 1761 return -1; 1762 1763 wpa_dbg(hapd->msg_ctx, MSG_DEBUG, "test data: Enabled"); 1764 1765 return 0; 1766 } 1767 1768 1769 static int hostapd_ctrl_iface_data_test_tx(struct hostapd_data *hapd, char *cmd) 1770 { 1771 u8 dst[ETH_ALEN], src[ETH_ALEN]; 1772 char *pos; 1773 int used; 1774 long int val; 1775 u8 tos; 1776 u8 buf[2 + HWSIM_PACKETLEN]; 1777 struct ether_header *eth; 1778 struct iphdr *ip; 1779 u8 *dpos; 1780 unsigned int i; 1781 1782 if (hapd->l2_test == NULL) 1783 return -1; 1784 1785 /* format: <dst> <src> <tos> */ 1786 1787 pos = cmd; 1788 used = hwaddr_aton2(pos, dst); 1789 if (used < 0) 1790 return -1; 1791 pos += used; 1792 while (*pos == ' ') 1793 pos++; 1794 used = hwaddr_aton2(pos, src); 1795 if (used < 0) 1796 return -1; 1797 pos += used; 1798 1799 val = strtol(pos, NULL, 0); 1800 if (val < 0 || val > 0xff) 1801 return -1; 1802 tos = val; 1803 1804 eth = (struct ether_header *) &buf[2]; 1805 os_memcpy(eth->ether_dhost, dst, ETH_ALEN); 1806 os_memcpy(eth->ether_shost, src, ETH_ALEN); 1807 eth->ether_type = htons(ETHERTYPE_IP); 1808 ip = (struct iphdr *) (eth + 1); 1809 os_memset(ip, 0, sizeof(*ip)); 1810 ip->ihl = 5; 1811 ip->version = 4; 1812 ip->ttl = 64; 1813 ip->tos = tos; 1814 ip->tot_len = htons(HWSIM_IP_LEN); 1815 ip->protocol = 1; 1816 ip->saddr = htonl(192U << 24 | 168 << 16 | 1 << 8 | 1); 1817 ip->daddr = htonl(192U << 24 | 168 << 16 | 1 << 8 | 2); 1818 ip->check = ipv4_hdr_checksum(ip, sizeof(*ip)); 1819 dpos = (u8 *) (ip + 1); 1820 for (i = 0; i < HWSIM_IP_LEN - sizeof(*ip); i++) 1821 *dpos++ = i; 1822 1823 if (l2_packet_send(hapd->l2_test, dst, ETHERTYPE_IP, &buf[2], 1824 HWSIM_PACKETLEN) < 0) 1825 return -1; 1826 1827 wpa_dbg(hapd->msg_ctx, MSG_DEBUG, "test data: TX dst=" MACSTR 1828 " src=" MACSTR " tos=0x%x", MAC2STR(dst), MAC2STR(src), tos); 1829 1830 return 0; 1831 } 1832 1833 1834 static int hostapd_ctrl_iface_data_test_frame(struct hostapd_data *hapd, 1835 char *cmd) 1836 { 1837 u8 *buf; 1838 struct ether_header *eth; 1839 struct l2_packet_data *l2 = NULL; 1840 size_t len; 1841 u16 ethertype; 1842 int res = -1; 1843 const char *ifname = hapd->conf->iface; 1844 1845 if (os_strncmp(cmd, "ifname=", 7) == 0) { 1846 cmd += 7; 1847 ifname = cmd; 1848 cmd = os_strchr(cmd, ' '); 1849 if (cmd == NULL) 1850 return -1; 1851 *cmd++ = '\0'; 1852 } 1853 1854 len = os_strlen(cmd); 1855 if (len & 1 || len < ETH_HLEN * 2) 1856 return -1; 1857 len /= 2; 1858 1859 buf = os_malloc(len); 1860 if (buf == NULL) 1861 return -1; 1862 1863 if (hexstr2bin(cmd, buf, len) < 0) 1864 goto done; 1865 1866 eth = (struct ether_header *) buf; 1867 ethertype = ntohs(eth->ether_type); 1868 1869 l2 = l2_packet_init(ifname, hapd->own_addr, ethertype, 1870 hostapd_data_test_rx, hapd, 1); 1871 if (l2 == NULL) 1872 goto done; 1873 1874 res = l2_packet_send(l2, eth->ether_dhost, ethertype, buf, len); 1875 wpa_dbg(hapd->msg_ctx, MSG_DEBUG, "test data: TX frame res=%d", res); 1876 done: 1877 if (l2) 1878 l2_packet_deinit(l2); 1879 os_free(buf); 1880 1881 return res < 0 ? -1 : 0; 1882 } 1883 1884 1885 static int hostapd_ctrl_test_alloc_fail(struct hostapd_data *hapd, char *cmd) 1886 { 1887 #ifdef WPA_TRACE_BFD 1888 char *pos; 1889 1890 wpa_trace_fail_after = atoi(cmd); 1891 pos = os_strchr(cmd, ':'); 1892 if (pos) { 1893 pos++; 1894 os_strlcpy(wpa_trace_fail_func, pos, 1895 sizeof(wpa_trace_fail_func)); 1896 } else { 1897 wpa_trace_fail_after = 0; 1898 } 1899 1900 return 0; 1901 #else /* WPA_TRACE_BFD */ 1902 return -1; 1903 #endif /* WPA_TRACE_BFD */ 1904 } 1905 1906 1907 static int hostapd_ctrl_get_alloc_fail(struct hostapd_data *hapd, 1908 char *buf, size_t buflen) 1909 { 1910 #ifdef WPA_TRACE_BFD 1911 return os_snprintf(buf, buflen, "%u:%s", wpa_trace_fail_after, 1912 wpa_trace_fail_func); 1913 #else /* WPA_TRACE_BFD */ 1914 return -1; 1915 #endif /* WPA_TRACE_BFD */ 1916 } 1917 1918 1919 static int hostapd_ctrl_test_fail(struct hostapd_data *hapd, char *cmd) 1920 { 1921 #ifdef WPA_TRACE_BFD 1922 char *pos; 1923 1924 wpa_trace_test_fail_after = atoi(cmd); 1925 pos = os_strchr(cmd, ':'); 1926 if (pos) { 1927 pos++; 1928 os_strlcpy(wpa_trace_test_fail_func, pos, 1929 sizeof(wpa_trace_test_fail_func)); 1930 } else { 1931 wpa_trace_test_fail_after = 0; 1932 } 1933 1934 return 0; 1935 #else /* WPA_TRACE_BFD */ 1936 return -1; 1937 #endif /* WPA_TRACE_BFD */ 1938 } 1939 1940 1941 static int hostapd_ctrl_get_fail(struct hostapd_data *hapd, 1942 char *buf, size_t buflen) 1943 { 1944 #ifdef WPA_TRACE_BFD 1945 return os_snprintf(buf, buflen, "%u:%s", wpa_trace_test_fail_after, 1946 wpa_trace_test_fail_func); 1947 #else /* WPA_TRACE_BFD */ 1948 return -1; 1949 #endif /* WPA_TRACE_BFD */ 1950 } 1951 1952 1953 static int hostapd_ctrl_reset_pn(struct hostapd_data *hapd, const char *cmd) 1954 { 1955 struct sta_info *sta; 1956 u8 addr[ETH_ALEN]; 1957 u8 zero[WPA_TK_MAX_LEN]; 1958 1959 os_memset(zero, 0, sizeof(zero)); 1960 1961 if (hwaddr_aton(cmd, addr)) 1962 return -1; 1963 1964 #ifdef CONFIG_IEEE80211W 1965 if (is_broadcast_ether_addr(addr) && os_strstr(cmd, "IGTK")) { 1966 if (hapd->last_igtk_alg == WPA_ALG_NONE) 1967 return -1; 1968 1969 wpa_printf(MSG_INFO, "TESTING: Reset IPN for IGTK"); 1970 1971 /* First, use a zero key to avoid any possible duplicate key 1972 * avoidance in the driver. */ 1973 if (hostapd_drv_set_key(hapd->conf->iface, hapd, 1974 hapd->last_igtk_alg, 1975 broadcast_ether_addr, 1976 hapd->last_igtk_key_idx, 1, NULL, 0, 1977 zero, hapd->last_igtk_len) < 0) 1978 return -1; 1979 1980 /* Set the previously configured key to reset its TSC */ 1981 return hostapd_drv_set_key(hapd->conf->iface, hapd, 1982 hapd->last_igtk_alg, 1983 broadcast_ether_addr, 1984 hapd->last_igtk_key_idx, 1, NULL, 0, 1985 hapd->last_igtk, 1986 hapd->last_igtk_len); 1987 } 1988 #endif /* CONFIG_IEEE80211W */ 1989 1990 if (is_broadcast_ether_addr(addr)) { 1991 if (hapd->last_gtk_alg == WPA_ALG_NONE) 1992 return -1; 1993 1994 wpa_printf(MSG_INFO, "TESTING: Reset PN for GTK"); 1995 1996 /* First, use a zero key to avoid any possible duplicate key 1997 * avoidance in the driver. */ 1998 if (hostapd_drv_set_key(hapd->conf->iface, hapd, 1999 hapd->last_gtk_alg, 2000 broadcast_ether_addr, 2001 hapd->last_gtk_key_idx, 1, NULL, 0, 2002 zero, hapd->last_gtk_len) < 0) 2003 return -1; 2004 2005 /* Set the previously configured key to reset its TSC */ 2006 return hostapd_drv_set_key(hapd->conf->iface, hapd, 2007 hapd->last_gtk_alg, 2008 broadcast_ether_addr, 2009 hapd->last_gtk_key_idx, 1, NULL, 0, 2010 hapd->last_gtk, hapd->last_gtk_len); 2011 } 2012 2013 sta = ap_get_sta(hapd, addr); 2014 if (!sta) 2015 return -1; 2016 2017 if (sta->last_tk_alg == WPA_ALG_NONE) 2018 return -1; 2019 2020 wpa_printf(MSG_INFO, "TESTING: Reset PN for " MACSTR, 2021 MAC2STR(sta->addr)); 2022 2023 /* First, use a zero key to avoid any possible duplicate key avoidance 2024 * in the driver. */ 2025 if (hostapd_drv_set_key(hapd->conf->iface, hapd, sta->last_tk_alg, 2026 sta->addr, sta->last_tk_key_idx, 1, NULL, 0, 2027 zero, sta->last_tk_len) < 0) 2028 return -1; 2029 2030 /* Set the previously configured key to reset its TSC/RSC */ 2031 return hostapd_drv_set_key(hapd->conf->iface, hapd, sta->last_tk_alg, 2032 sta->addr, sta->last_tk_key_idx, 1, NULL, 0, 2033 sta->last_tk, sta->last_tk_len); 2034 } 2035 2036 2037 static int hostapd_ctrl_set_key(struct hostapd_data *hapd, const char *cmd) 2038 { 2039 u8 addr[ETH_ALEN]; 2040 const char *pos = cmd; 2041 enum wpa_alg alg; 2042 int idx, set_tx; 2043 u8 seq[6], key[WPA_TK_MAX_LEN]; 2044 size_t key_len; 2045 2046 /* parameters: alg addr idx set_tx seq key */ 2047 2048 alg = atoi(pos); 2049 pos = os_strchr(pos, ' '); 2050 if (!pos) 2051 return -1; 2052 pos++; 2053 if (hwaddr_aton(pos, addr)) 2054 return -1; 2055 pos += 17; 2056 if (*pos != ' ') 2057 return -1; 2058 pos++; 2059 idx = atoi(pos); 2060 pos = os_strchr(pos, ' '); 2061 if (!pos) 2062 return -1; 2063 pos++; 2064 set_tx = atoi(pos); 2065 pos = os_strchr(pos, ' '); 2066 if (!pos) 2067 return -1; 2068 pos++; 2069 if (hexstr2bin(pos, seq, sizeof(6)) < 0) 2070 return -1; 2071 pos += 2 * 6; 2072 if (*pos != ' ') 2073 return -1; 2074 pos++; 2075 key_len = os_strlen(pos) / 2; 2076 if (hexstr2bin(pos, key, key_len) < 0) 2077 return -1; 2078 2079 wpa_printf(MSG_INFO, "TESTING: Set key"); 2080 return hostapd_drv_set_key(hapd->conf->iface, hapd, alg, addr, idx, 2081 set_tx, seq, 6, key, key_len); 2082 } 2083 2084 2085 static void restore_tk(void *ctx1, void *ctx2) 2086 { 2087 struct hostapd_data *hapd = ctx1; 2088 struct sta_info *sta = ctx2; 2089 2090 wpa_printf(MSG_INFO, "TESTING: Restore TK for " MACSTR, 2091 MAC2STR(sta->addr)); 2092 /* This does not really restore the TSC properly, so this will result 2093 * in replay protection issues for now since there is no clean way of 2094 * preventing encryption of a single EAPOL frame. */ 2095 hostapd_drv_set_key(hapd->conf->iface, hapd, sta->last_tk_alg, 2096 sta->addr, sta->last_tk_key_idx, 1, NULL, 0, 2097 sta->last_tk, sta->last_tk_len); 2098 } 2099 2100 2101 static int hostapd_ctrl_resend_m1(struct hostapd_data *hapd, const char *cmd) 2102 { 2103 struct sta_info *sta; 2104 u8 addr[ETH_ALEN]; 2105 int plain = os_strstr(cmd, "plaintext") != NULL; 2106 2107 if (hwaddr_aton(cmd, addr)) 2108 return -1; 2109 2110 sta = ap_get_sta(hapd, addr); 2111 if (!sta || !sta->wpa_sm) 2112 return -1; 2113 2114 if (plain && sta->last_tk_alg == WPA_ALG_NONE) 2115 plain = 0; /* no need for special processing */ 2116 if (plain) { 2117 wpa_printf(MSG_INFO, "TESTING: Clear TK for " MACSTR, 2118 MAC2STR(sta->addr)); 2119 hostapd_drv_set_key(hapd->conf->iface, hapd, WPA_ALG_NONE, 2120 sta->addr, sta->last_tk_key_idx, 0, NULL, 0, 2121 NULL, 0); 2122 } 2123 2124 wpa_printf(MSG_INFO, "TESTING: Send M1 to " MACSTR, MAC2STR(sta->addr)); 2125 return wpa_auth_resend_m1(sta->wpa_sm, 2126 os_strstr(cmd, "change-anonce") != NULL, 2127 plain ? restore_tk : NULL, hapd, sta); 2128 } 2129 2130 2131 static int hostapd_ctrl_resend_m3(struct hostapd_data *hapd, const char *cmd) 2132 { 2133 struct sta_info *sta; 2134 u8 addr[ETH_ALEN]; 2135 int plain = os_strstr(cmd, "plaintext") != NULL; 2136 2137 if (hwaddr_aton(cmd, addr)) 2138 return -1; 2139 2140 sta = ap_get_sta(hapd, addr); 2141 if (!sta || !sta->wpa_sm) 2142 return -1; 2143 2144 if (plain && sta->last_tk_alg == WPA_ALG_NONE) 2145 plain = 0; /* no need for special processing */ 2146 if (plain) { 2147 wpa_printf(MSG_INFO, "TESTING: Clear TK for " MACSTR, 2148 MAC2STR(sta->addr)); 2149 hostapd_drv_set_key(hapd->conf->iface, hapd, WPA_ALG_NONE, 2150 sta->addr, sta->last_tk_key_idx, 0, NULL, 0, 2151 NULL, 0); 2152 } 2153 2154 wpa_printf(MSG_INFO, "TESTING: Send M3 to " MACSTR, MAC2STR(sta->addr)); 2155 return wpa_auth_resend_m3(sta->wpa_sm, 2156 plain ? restore_tk : NULL, hapd, sta); 2157 } 2158 2159 2160 static int hostapd_ctrl_resend_group_m1(struct hostapd_data *hapd, 2161 const char *cmd) 2162 { 2163 struct sta_info *sta; 2164 u8 addr[ETH_ALEN]; 2165 int plain = os_strstr(cmd, "plaintext") != NULL; 2166 2167 if (hwaddr_aton(cmd, addr)) 2168 return -1; 2169 2170 sta = ap_get_sta(hapd, addr); 2171 if (!sta || !sta->wpa_sm) 2172 return -1; 2173 2174 if (plain && sta->last_tk_alg == WPA_ALG_NONE) 2175 plain = 0; /* no need for special processing */ 2176 if (plain) { 2177 wpa_printf(MSG_INFO, "TESTING: Clear TK for " MACSTR, 2178 MAC2STR(sta->addr)); 2179 hostapd_drv_set_key(hapd->conf->iface, hapd, WPA_ALG_NONE, 2180 sta->addr, sta->last_tk_key_idx, 0, NULL, 0, 2181 NULL, 0); 2182 } 2183 2184 wpa_printf(MSG_INFO, 2185 "TESTING: Send group M1 for the same GTK and zero RSC to " 2186 MACSTR, MAC2STR(sta->addr)); 2187 return wpa_auth_resend_group_m1(sta->wpa_sm, 2188 plain ? restore_tk : NULL, hapd, sta); 2189 } 2190 2191 #endif /* CONFIG_TESTING_OPTIONS */ 2192 2193 2194 static int hostapd_ctrl_iface_chan_switch(struct hostapd_iface *iface, 2195 char *pos) 2196 { 2197 #ifdef NEED_AP_MLME 2198 struct csa_settings settings; 2199 int ret; 2200 unsigned int i; 2201 2202 ret = hostapd_parse_csa_settings(pos, &settings); 2203 if (ret) 2204 return ret; 2205 2206 for (i = 0; i < iface->num_bss; i++) { 2207 ret = hostapd_switch_channel(iface->bss[i], &settings); 2208 if (ret) { 2209 /* FIX: What do we do if CSA fails in the middle of 2210 * submitting multi-BSS CSA requests? */ 2211 return ret; 2212 } 2213 } 2214 2215 return 0; 2216 #else /* NEED_AP_MLME */ 2217 return -1; 2218 #endif /* NEED_AP_MLME */ 2219 } 2220 2221 2222 static int hostapd_ctrl_iface_mib(struct hostapd_data *hapd, char *reply, 2223 int reply_size, const char *param) 2224 { 2225 #ifdef RADIUS_SERVER 2226 if (os_strcmp(param, "radius_server") == 0) { 2227 return radius_server_get_mib(hapd->radius_srv, reply, 2228 reply_size); 2229 } 2230 #endif /* RADIUS_SERVER */ 2231 return -1; 2232 } 2233 2234 2235 static int hostapd_ctrl_iface_vendor(struct hostapd_data *hapd, char *cmd, 2236 char *buf, size_t buflen) 2237 { 2238 int ret; 2239 char *pos; 2240 u8 *data = NULL; 2241 unsigned int vendor_id, subcmd; 2242 struct wpabuf *reply; 2243 size_t data_len = 0; 2244 2245 /* cmd: <vendor id> <subcommand id> [<hex formatted data>] */ 2246 vendor_id = strtoul(cmd, &pos, 16); 2247 if (!isblank((unsigned char) *pos)) 2248 return -EINVAL; 2249 2250 subcmd = strtoul(pos, &pos, 10); 2251 2252 if (*pos != '\0') { 2253 if (!isblank((unsigned char) *pos++)) 2254 return -EINVAL; 2255 data_len = os_strlen(pos); 2256 } 2257 2258 if (data_len) { 2259 data_len /= 2; 2260 data = os_malloc(data_len); 2261 if (!data) 2262 return -ENOBUFS; 2263 2264 if (hexstr2bin(pos, data, data_len)) { 2265 wpa_printf(MSG_DEBUG, 2266 "Vendor command: wrong parameter format"); 2267 os_free(data); 2268 return -EINVAL; 2269 } 2270 } 2271 2272 reply = wpabuf_alloc((buflen - 1) / 2); 2273 if (!reply) { 2274 os_free(data); 2275 return -ENOBUFS; 2276 } 2277 2278 ret = hostapd_drv_vendor_cmd(hapd, vendor_id, subcmd, data, data_len, 2279 reply); 2280 2281 if (ret == 0) 2282 ret = wpa_snprintf_hex(buf, buflen, wpabuf_head_u8(reply), 2283 wpabuf_len(reply)); 2284 2285 wpabuf_free(reply); 2286 os_free(data); 2287 2288 return ret; 2289 } 2290 2291 2292 static int hostapd_ctrl_iface_eapol_reauth(struct hostapd_data *hapd, 2293 const char *cmd) 2294 { 2295 u8 addr[ETH_ALEN]; 2296 struct sta_info *sta; 2297 2298 if (hwaddr_aton(cmd, addr)) 2299 return -1; 2300 2301 sta = ap_get_sta(hapd, addr); 2302 if (!sta || !sta->eapol_sm) 2303 return -1; 2304 2305 eapol_auth_reauthenticate(sta->eapol_sm); 2306 return 0; 2307 } 2308 2309 2310 static int hostapd_ctrl_iface_eapol_set(struct hostapd_data *hapd, char *cmd) 2311 { 2312 u8 addr[ETH_ALEN]; 2313 struct sta_info *sta; 2314 char *pos = cmd, *param; 2315 2316 if (hwaddr_aton(pos, addr) || pos[17] != ' ') 2317 return -1; 2318 pos += 18; 2319 param = pos; 2320 pos = os_strchr(pos, ' '); 2321 if (!pos) 2322 return -1; 2323 *pos++ = '\0'; 2324 2325 sta = ap_get_sta(hapd, addr); 2326 if (!sta || !sta->eapol_sm) 2327 return -1; 2328 2329 return eapol_auth_set_conf(sta->eapol_sm, param, pos); 2330 } 2331 2332 2333 static int hostapd_ctrl_iface_log_level(struct hostapd_data *hapd, char *cmd, 2334 char *buf, size_t buflen) 2335 { 2336 char *pos, *end, *stamp; 2337 int ret; 2338 2339 /* cmd: "LOG_LEVEL [<level>]" */ 2340 if (*cmd == '\0') { 2341 pos = buf; 2342 end = buf + buflen; 2343 ret = os_snprintf(pos, end - pos, "Current level: %s\n" 2344 "Timestamp: %d\n", 2345 debug_level_str(wpa_debug_level), 2346 wpa_debug_timestamp); 2347 if (os_snprintf_error(end - pos, ret)) 2348 ret = 0; 2349 2350 return ret; 2351 } 2352 2353 while (*cmd == ' ') 2354 cmd++; 2355 2356 stamp = os_strchr(cmd, ' '); 2357 if (stamp) { 2358 *stamp++ = '\0'; 2359 while (*stamp == ' ') { 2360 stamp++; 2361 } 2362 } 2363 2364 if (os_strlen(cmd)) { 2365 int level = str_to_debug_level(cmd); 2366 if (level < 0) 2367 return -1; 2368 wpa_debug_level = level; 2369 } 2370 2371 if (stamp && os_strlen(stamp)) 2372 wpa_debug_timestamp = atoi(stamp); 2373 2374 os_memcpy(buf, "OK\n", 3); 2375 return 3; 2376 } 2377 2378 2379 #ifdef NEED_AP_MLME 2380 static int hostapd_ctrl_iface_track_sta_list(struct hostapd_data *hapd, 2381 char *buf, size_t buflen) 2382 { 2383 struct hostapd_iface *iface = hapd->iface; 2384 char *pos, *end; 2385 struct hostapd_sta_info *info; 2386 struct os_reltime now; 2387 2388 if (!iface->num_sta_seen) 2389 return 0; 2390 2391 sta_track_expire(iface, 0); 2392 2393 pos = buf; 2394 end = buf + buflen; 2395 2396 os_get_reltime(&now); 2397 dl_list_for_each_reverse(info, &iface->sta_seen, 2398 struct hostapd_sta_info, list) { 2399 struct os_reltime age; 2400 int ret; 2401 2402 os_reltime_sub(&now, &info->last_seen, &age); 2403 ret = os_snprintf(pos, end - pos, MACSTR " %u %d\n", 2404 MAC2STR(info->addr), (unsigned int) age.sec, 2405 info->ssi_signal); 2406 if (os_snprintf_error(end - pos, ret)) 2407 break; 2408 pos += ret; 2409 } 2410 2411 return pos - buf; 2412 } 2413 #endif /* NEED_AP_MLME */ 2414 2415 2416 static int hostapd_ctrl_iface_req_lci(struct hostapd_data *hapd, 2417 const char *cmd) 2418 { 2419 u8 addr[ETH_ALEN]; 2420 2421 if (hwaddr_aton(cmd, addr)) { 2422 wpa_printf(MSG_INFO, "CTRL: REQ_LCI: Invalid MAC address"); 2423 return -1; 2424 } 2425 2426 return hostapd_send_lci_req(hapd, addr); 2427 } 2428 2429 2430 static int hostapd_ctrl_iface_req_range(struct hostapd_data *hapd, char *cmd) 2431 { 2432 u8 addr[ETH_ALEN]; 2433 char *token, *context = NULL; 2434 int random_interval, min_ap; 2435 u8 responders[ETH_ALEN * RRM_RANGE_REQ_MAX_RESPONDERS]; 2436 unsigned int n_responders; 2437 2438 token = str_token(cmd, " ", &context); 2439 if (!token || hwaddr_aton(token, addr)) { 2440 wpa_printf(MSG_INFO, 2441 "CTRL: REQ_RANGE - Bad destination address"); 2442 return -1; 2443 } 2444 2445 token = str_token(cmd, " ", &context); 2446 if (!token) 2447 return -1; 2448 2449 random_interval = atoi(token); 2450 if (random_interval < 0 || random_interval > 0xffff) 2451 return -1; 2452 2453 token = str_token(cmd, " ", &context); 2454 if (!token) 2455 return -1; 2456 2457 min_ap = atoi(token); 2458 if (min_ap <= 0 || min_ap > WLAN_RRM_RANGE_REQ_MAX_MIN_AP) 2459 return -1; 2460 2461 n_responders = 0; 2462 while ((token = str_token(cmd, " ", &context))) { 2463 if (n_responders == RRM_RANGE_REQ_MAX_RESPONDERS) { 2464 wpa_printf(MSG_INFO, 2465 "CTRL: REQ_RANGE: Too many responders"); 2466 return -1; 2467 } 2468 2469 if (hwaddr_aton(token, responders + n_responders * ETH_ALEN)) { 2470 wpa_printf(MSG_INFO, 2471 "CTRL: REQ_RANGE: Bad responder address"); 2472 return -1; 2473 } 2474 2475 n_responders++; 2476 } 2477 2478 if (!n_responders) { 2479 wpa_printf(MSG_INFO, 2480 "CTRL: REQ_RANGE - No FTM responder address"); 2481 return -1; 2482 } 2483 2484 return hostapd_send_range_req(hapd, addr, random_interval, min_ap, 2485 responders, n_responders); 2486 } 2487 2488 2489 static int hostapd_ctrl_iface_req_beacon(struct hostapd_data *hapd, 2490 const char *cmd, char *reply, 2491 size_t reply_size) 2492 { 2493 u8 addr[ETH_ALEN]; 2494 const char *pos; 2495 struct wpabuf *req; 2496 int ret; 2497 u8 req_mode = 0; 2498 2499 if (hwaddr_aton(cmd, addr)) 2500 return -1; 2501 pos = os_strchr(cmd, ' '); 2502 if (!pos) 2503 return -1; 2504 pos++; 2505 if (os_strncmp(pos, "req_mode=", 9) == 0) { 2506 int val = hex2byte(pos + 9); 2507 2508 if (val < 0) 2509 return -1; 2510 req_mode = val; 2511 pos += 11; 2512 pos = os_strchr(pos, ' '); 2513 if (!pos) 2514 return -1; 2515 pos++; 2516 } 2517 req = wpabuf_parse_bin(pos); 2518 if (!req) 2519 return -1; 2520 2521 ret = hostapd_send_beacon_req(hapd, addr, req_mode, req); 2522 wpabuf_free(req); 2523 if (ret >= 0) 2524 ret = os_snprintf(reply, reply_size, "%d", ret); 2525 return ret; 2526 } 2527 2528 2529 static int hostapd_ctrl_iface_set_neighbor(struct hostapd_data *hapd, char *buf) 2530 { 2531 struct wpa_ssid_value ssid; 2532 u8 bssid[ETH_ALEN]; 2533 struct wpabuf *nr, *lci = NULL, *civic = NULL; 2534 int stationary = 0; 2535 char *tmp; 2536 int ret; 2537 2538 if (!(hapd->conf->radio_measurements[0] & 2539 WLAN_RRM_CAPS_NEIGHBOR_REPORT)) { 2540 wpa_printf(MSG_ERROR, 2541 "CTRL: SET_NEIGHBOR: Neighbor report is not enabled"); 2542 return -1; 2543 } 2544 2545 if (hwaddr_aton(buf, bssid)) { 2546 wpa_printf(MSG_ERROR, "CTRL: SET_NEIGHBOR: Bad BSSID"); 2547 return -1; 2548 } 2549 2550 tmp = os_strstr(buf, "ssid="); 2551 if (!tmp || ssid_parse(tmp + 5, &ssid)) { 2552 wpa_printf(MSG_ERROR, 2553 "CTRL: SET_NEIGHBOR: Bad or missing SSID"); 2554 return -1; 2555 } 2556 buf = os_strchr(tmp + 6, tmp[5] == '"' ? '"' : ' '); 2557 if (!buf) 2558 return -1; 2559 2560 tmp = os_strstr(buf, "nr="); 2561 if (!tmp) { 2562 wpa_printf(MSG_ERROR, 2563 "CTRL: SET_NEIGHBOR: Missing Neighbor Report element"); 2564 return -1; 2565 } 2566 2567 buf = os_strchr(tmp, ' '); 2568 if (buf) 2569 *buf++ = '\0'; 2570 2571 nr = wpabuf_parse_bin(tmp + 3); 2572 if (!nr) { 2573 wpa_printf(MSG_ERROR, 2574 "CTRL: SET_NEIGHBOR: Bad Neighbor Report element"); 2575 return -1; 2576 } 2577 2578 if (!buf) 2579 goto set; 2580 2581 tmp = os_strstr(buf, "lci="); 2582 if (tmp) { 2583 buf = os_strchr(tmp, ' '); 2584 if (buf) 2585 *buf++ = '\0'; 2586 lci = wpabuf_parse_bin(tmp + 4); 2587 if (!lci) { 2588 wpa_printf(MSG_ERROR, 2589 "CTRL: SET_NEIGHBOR: Bad LCI subelement"); 2590 wpabuf_free(nr); 2591 return -1; 2592 } 2593 } 2594 2595 if (!buf) 2596 goto set; 2597 2598 tmp = os_strstr(buf, "civic="); 2599 if (tmp) { 2600 buf = os_strchr(tmp, ' '); 2601 if (buf) 2602 *buf++ = '\0'; 2603 civic = wpabuf_parse_bin(tmp + 6); 2604 if (!civic) { 2605 wpa_printf(MSG_ERROR, 2606 "CTRL: SET_NEIGHBOR: Bad civic subelement"); 2607 wpabuf_free(nr); 2608 wpabuf_free(lci); 2609 return -1; 2610 } 2611 } 2612 2613 if (!buf) 2614 goto set; 2615 2616 if (os_strstr(buf, "stat")) 2617 stationary = 1; 2618 2619 set: 2620 ret = hostapd_neighbor_set(hapd, bssid, &ssid, nr, lci, civic, 2621 stationary); 2622 2623 wpabuf_free(nr); 2624 wpabuf_free(lci); 2625 wpabuf_free(civic); 2626 2627 return ret; 2628 } 2629 2630 2631 static int hostapd_ctrl_iface_remove_neighbor(struct hostapd_data *hapd, 2632 char *buf) 2633 { 2634 struct wpa_ssid_value ssid; 2635 u8 bssid[ETH_ALEN]; 2636 char *tmp; 2637 2638 if (hwaddr_aton(buf, bssid)) { 2639 wpa_printf(MSG_ERROR, "CTRL: REMOVE_NEIGHBOR: Bad BSSID"); 2640 return -1; 2641 } 2642 2643 tmp = os_strstr(buf, "ssid="); 2644 if (!tmp || ssid_parse(tmp + 5, &ssid)) { 2645 wpa_printf(MSG_ERROR, 2646 "CTRL: REMOVE_NEIGHBORr: Bad or missing SSID"); 2647 return -1; 2648 } 2649 2650 return hostapd_neighbor_remove(hapd, bssid, &ssid); 2651 } 2652 2653 2654 static int hostapd_ctrl_driver_flags(struct hostapd_iface *iface, char *buf, 2655 size_t buflen) 2656 { 2657 int ret, i; 2658 char *pos, *end; 2659 2660 ret = os_snprintf(buf, buflen, "%016llX:\n", 2661 (long long unsigned) iface->drv_flags); 2662 if (os_snprintf_error(buflen, ret)) 2663 return -1; 2664 2665 pos = buf + ret; 2666 end = buf + buflen; 2667 2668 for (i = 0; i < 64; i++) { 2669 if (iface->drv_flags & (1LLU << i)) { 2670 ret = os_snprintf(pos, end - pos, "%s\n", 2671 driver_flag_to_string(1LLU << i)); 2672 if (os_snprintf_error(end - pos, ret)) 2673 return -1; 2674 pos += ret; 2675 } 2676 } 2677 2678 return pos - buf; 2679 } 2680 2681 2682 static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd, 2683 char *buf, char *reply, 2684 int reply_size, 2685 struct sockaddr_storage *from, 2686 socklen_t fromlen) 2687 { 2688 int reply_len, res; 2689 2690 os_memcpy(reply, "OK\n", 3); 2691 reply_len = 3; 2692 2693 if (os_strcmp(buf, "PING") == 0) { 2694 os_memcpy(reply, "PONG\n", 5); 2695 reply_len = 5; 2696 } else if (os_strncmp(buf, "RELOG", 5) == 0) { 2697 if (wpa_debug_reopen_file() < 0) 2698 reply_len = -1; 2699 } else if (os_strcmp(buf, "STATUS") == 0) { 2700 reply_len = hostapd_ctrl_iface_status(hapd, reply, 2701 reply_size); 2702 } else if (os_strcmp(buf, "STATUS-DRIVER") == 0) { 2703 reply_len = hostapd_drv_status(hapd, reply, reply_size); 2704 } else if (os_strcmp(buf, "MIB") == 0) { 2705 reply_len = ieee802_11_get_mib(hapd, reply, reply_size); 2706 if (reply_len >= 0) { 2707 res = wpa_get_mib(hapd->wpa_auth, reply + reply_len, 2708 reply_size - reply_len); 2709 if (res < 0) 2710 reply_len = -1; 2711 else 2712 reply_len += res; 2713 } 2714 if (reply_len >= 0) { 2715 res = ieee802_1x_get_mib(hapd, reply + reply_len, 2716 reply_size - reply_len); 2717 if (res < 0) 2718 reply_len = -1; 2719 else 2720 reply_len += res; 2721 } 2722 #ifndef CONFIG_NO_RADIUS 2723 if (reply_len >= 0) { 2724 res = radius_client_get_mib(hapd->radius, 2725 reply + reply_len, 2726 reply_size - reply_len); 2727 if (res < 0) 2728 reply_len = -1; 2729 else 2730 reply_len += res; 2731 } 2732 #endif /* CONFIG_NO_RADIUS */ 2733 } else if (os_strncmp(buf, "MIB ", 4) == 0) { 2734 reply_len = hostapd_ctrl_iface_mib(hapd, reply, reply_size, 2735 buf + 4); 2736 } else if (os_strcmp(buf, "STA-FIRST") == 0) { 2737 reply_len = hostapd_ctrl_iface_sta_first(hapd, reply, 2738 reply_size); 2739 } else if (os_strncmp(buf, "STA ", 4) == 0) { 2740 reply_len = hostapd_ctrl_iface_sta(hapd, buf + 4, reply, 2741 reply_size); 2742 } else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) { 2743 reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply, 2744 reply_size); 2745 } else if (os_strcmp(buf, "ATTACH") == 0) { 2746 if (hostapd_ctrl_iface_attach(hapd, from, fromlen)) 2747 reply_len = -1; 2748 } else if (os_strcmp(buf, "DETACH") == 0) { 2749 if (hostapd_ctrl_iface_detach(hapd, from, fromlen)) 2750 reply_len = -1; 2751 } else if (os_strncmp(buf, "LEVEL ", 6) == 0) { 2752 if (hostapd_ctrl_iface_level(hapd, from, fromlen, 2753 buf + 6)) 2754 reply_len = -1; 2755 } else if (os_strncmp(buf, "NEW_STA ", 8) == 0) { 2756 if (hostapd_ctrl_iface_new_sta(hapd, buf + 8)) 2757 reply_len = -1; 2758 } else if (os_strncmp(buf, "DEAUTHENTICATE ", 15) == 0) { 2759 if (hostapd_ctrl_iface_deauthenticate(hapd, buf + 15)) 2760 reply_len = -1; 2761 } else if (os_strncmp(buf, "DISASSOCIATE ", 13) == 0) { 2762 if (hostapd_ctrl_iface_disassociate(hapd, buf + 13)) 2763 reply_len = -1; 2764 #ifdef CONFIG_TAXONOMY 2765 } else if (os_strncmp(buf, "SIGNATURE ", 10) == 0) { 2766 reply_len = hostapd_ctrl_iface_signature(hapd, buf + 10, 2767 reply, reply_size); 2768 #endif /* CONFIG_TAXONOMY */ 2769 } else if (os_strncmp(buf, "POLL_STA ", 9) == 0) { 2770 if (hostapd_ctrl_iface_poll_sta(hapd, buf + 9)) 2771 reply_len = -1; 2772 } else if (os_strcmp(buf, "STOP_AP") == 0) { 2773 if (hostapd_ctrl_iface_stop_ap(hapd)) 2774 reply_len = -1; 2775 #ifdef CONFIG_IEEE80211W 2776 #ifdef NEED_AP_MLME 2777 } else if (os_strncmp(buf, "SA_QUERY ", 9) == 0) { 2778 if (hostapd_ctrl_iface_sa_query(hapd, buf + 9)) 2779 reply_len = -1; 2780 #endif /* NEED_AP_MLME */ 2781 #endif /* CONFIG_IEEE80211W */ 2782 #ifdef CONFIG_WPS 2783 } else if (os_strncmp(buf, "WPS_PIN ", 8) == 0) { 2784 if (hostapd_ctrl_iface_wps_pin(hapd, buf + 8)) 2785 reply_len = -1; 2786 } else if (os_strncmp(buf, "WPS_CHECK_PIN ", 14) == 0) { 2787 reply_len = hostapd_ctrl_iface_wps_check_pin( 2788 hapd, buf + 14, reply, reply_size); 2789 } else if (os_strcmp(buf, "WPS_PBC") == 0) { 2790 if (hostapd_wps_button_pushed(hapd, NULL)) 2791 reply_len = -1; 2792 } else if (os_strcmp(buf, "WPS_CANCEL") == 0) { 2793 if (hostapd_wps_cancel(hapd)) 2794 reply_len = -1; 2795 } else if (os_strncmp(buf, "WPS_AP_PIN ", 11) == 0) { 2796 reply_len = hostapd_ctrl_iface_wps_ap_pin(hapd, buf + 11, 2797 reply, reply_size); 2798 } else if (os_strncmp(buf, "WPS_CONFIG ", 11) == 0) { 2799 if (hostapd_ctrl_iface_wps_config(hapd, buf + 11) < 0) 2800 reply_len = -1; 2801 } else if (os_strncmp(buf, "WPS_GET_STATUS", 13) == 0) { 2802 reply_len = hostapd_ctrl_iface_wps_get_status(hapd, reply, 2803 reply_size); 2804 #ifdef CONFIG_WPS_NFC 2805 } else if (os_strncmp(buf, "WPS_NFC_TAG_READ ", 17) == 0) { 2806 if (hostapd_ctrl_iface_wps_nfc_tag_read(hapd, buf + 17)) 2807 reply_len = -1; 2808 } else if (os_strncmp(buf, "WPS_NFC_CONFIG_TOKEN ", 21) == 0) { 2809 reply_len = hostapd_ctrl_iface_wps_nfc_config_token( 2810 hapd, buf + 21, reply, reply_size); 2811 } else if (os_strncmp(buf, "WPS_NFC_TOKEN ", 14) == 0) { 2812 reply_len = hostapd_ctrl_iface_wps_nfc_token( 2813 hapd, buf + 14, reply, reply_size); 2814 } else if (os_strncmp(buf, "NFC_GET_HANDOVER_SEL ", 21) == 0) { 2815 reply_len = hostapd_ctrl_iface_nfc_get_handover_sel( 2816 hapd, buf + 21, reply, reply_size); 2817 } else if (os_strncmp(buf, "NFC_REPORT_HANDOVER ", 20) == 0) { 2818 if (hostapd_ctrl_iface_nfc_report_handover(hapd, buf + 20)) 2819 reply_len = -1; 2820 #endif /* CONFIG_WPS_NFC */ 2821 #endif /* CONFIG_WPS */ 2822 #ifdef CONFIG_INTERWORKING 2823 } else if (os_strncmp(buf, "SET_QOS_MAP_SET ", 16) == 0) { 2824 if (hostapd_ctrl_iface_set_qos_map_set(hapd, buf + 16)) 2825 reply_len = -1; 2826 } else if (os_strncmp(buf, "SEND_QOS_MAP_CONF ", 18) == 0) { 2827 if (hostapd_ctrl_iface_send_qos_map_conf(hapd, buf + 18)) 2828 reply_len = -1; 2829 #endif /* CONFIG_INTERWORKING */ 2830 #ifdef CONFIG_HS20 2831 } else if (os_strncmp(buf, "HS20_WNM_NOTIF ", 15) == 0) { 2832 if (hostapd_ctrl_iface_hs20_wnm_notif(hapd, buf + 15)) 2833 reply_len = -1; 2834 } else if (os_strncmp(buf, "HS20_DEAUTH_REQ ", 16) == 0) { 2835 if (hostapd_ctrl_iface_hs20_deauth_req(hapd, buf + 16)) 2836 reply_len = -1; 2837 #endif /* CONFIG_HS20 */ 2838 #ifdef CONFIG_WNM_AP 2839 } else if (os_strncmp(buf, "DISASSOC_IMMINENT ", 18) == 0) { 2840 if (hostapd_ctrl_iface_disassoc_imminent(hapd, buf + 18)) 2841 reply_len = -1; 2842 } else if (os_strncmp(buf, "ESS_DISASSOC ", 13) == 0) { 2843 if (hostapd_ctrl_iface_ess_disassoc(hapd, buf + 13)) 2844 reply_len = -1; 2845 } else if (os_strncmp(buf, "BSS_TM_REQ ", 11) == 0) { 2846 if (hostapd_ctrl_iface_bss_tm_req(hapd, buf + 11)) 2847 reply_len = -1; 2848 #endif /* CONFIG_WNM_AP */ 2849 } else if (os_strcmp(buf, "GET_CONFIG") == 0) { 2850 reply_len = hostapd_ctrl_iface_get_config(hapd, reply, 2851 reply_size); 2852 } else if (os_strncmp(buf, "SET ", 4) == 0) { 2853 if (hostapd_ctrl_iface_set(hapd, buf + 4)) 2854 reply_len = -1; 2855 } else if (os_strncmp(buf, "GET ", 4) == 0) { 2856 reply_len = hostapd_ctrl_iface_get(hapd, buf + 4, reply, 2857 reply_size); 2858 } else if (os_strncmp(buf, "ENABLE", 6) == 0) { 2859 if (hostapd_ctrl_iface_enable(hapd->iface)) 2860 reply_len = -1; 2861 } else if (os_strncmp(buf, "RELOAD", 6) == 0) { 2862 if (hostapd_ctrl_iface_reload(hapd->iface)) 2863 reply_len = -1; 2864 } else if (os_strncmp(buf, "DISABLE", 7) == 0) { 2865 if (hostapd_ctrl_iface_disable(hapd->iface)) 2866 reply_len = -1; 2867 } else if (os_strcmp(buf, "UPDATE_BEACON") == 0) { 2868 if (ieee802_11_set_beacon(hapd)) 2869 reply_len = -1; 2870 #ifdef CONFIG_TESTING_OPTIONS 2871 } else if (os_strncmp(buf, "RADAR ", 6) == 0) { 2872 if (hostapd_ctrl_iface_radar(hapd, buf + 6)) 2873 reply_len = -1; 2874 } else if (os_strncmp(buf, "MGMT_TX ", 8) == 0) { 2875 if (hostapd_ctrl_iface_mgmt_tx(hapd, buf + 8)) 2876 reply_len = -1; 2877 } else if (os_strncmp(buf, "MGMT_TX_STATUS_PROCESS ", 23) == 0) { 2878 if (hostapd_ctrl_iface_mgmt_tx_status_process(hapd, 2879 buf + 23) < 0) 2880 reply_len = -1; 2881 } else if (os_strncmp(buf, "MGMT_RX_PROCESS ", 16) == 0) { 2882 if (hostapd_ctrl_iface_mgmt_rx_process(hapd, buf + 16) < 0) 2883 reply_len = -1; 2884 } else if (os_strncmp(buf, "EAPOL_RX ", 9) == 0) { 2885 if (hostapd_ctrl_iface_eapol_rx(hapd, buf + 9) < 0) 2886 reply_len = -1; 2887 } else if (os_strncmp(buf, "DATA_TEST_CONFIG ", 17) == 0) { 2888 if (hostapd_ctrl_iface_data_test_config(hapd, buf + 17) < 0) 2889 reply_len = -1; 2890 } else if (os_strncmp(buf, "DATA_TEST_TX ", 13) == 0) { 2891 if (hostapd_ctrl_iface_data_test_tx(hapd, buf + 13) < 0) 2892 reply_len = -1; 2893 } else if (os_strncmp(buf, "DATA_TEST_FRAME ", 16) == 0) { 2894 if (hostapd_ctrl_iface_data_test_frame(hapd, buf + 16) < 0) 2895 reply_len = -1; 2896 } else if (os_strncmp(buf, "TEST_ALLOC_FAIL ", 16) == 0) { 2897 if (hostapd_ctrl_test_alloc_fail(hapd, buf + 16) < 0) 2898 reply_len = -1; 2899 } else if (os_strcmp(buf, "GET_ALLOC_FAIL") == 0) { 2900 reply_len = hostapd_ctrl_get_alloc_fail(hapd, reply, 2901 reply_size); 2902 } else if (os_strncmp(buf, "TEST_FAIL ", 10) == 0) { 2903 if (hostapd_ctrl_test_fail(hapd, buf + 10) < 0) 2904 reply_len = -1; 2905 } else if (os_strcmp(buf, "GET_FAIL") == 0) { 2906 reply_len = hostapd_ctrl_get_fail(hapd, reply, reply_size); 2907 } else if (os_strncmp(buf, "RESET_PN ", 9) == 0) { 2908 if (hostapd_ctrl_reset_pn(hapd, buf + 9) < 0) 2909 reply_len = -1; 2910 } else if (os_strncmp(buf, "SET_KEY ", 8) == 0) { 2911 if (hostapd_ctrl_set_key(hapd, buf + 8) < 0) 2912 reply_len = -1; 2913 } else if (os_strncmp(buf, "RESEND_M1 ", 10) == 0) { 2914 if (hostapd_ctrl_resend_m1(hapd, buf + 10) < 0) 2915 reply_len = -1; 2916 } else if (os_strncmp(buf, "RESEND_M3 ", 10) == 0) { 2917 if (hostapd_ctrl_resend_m3(hapd, buf + 10) < 0) 2918 reply_len = -1; 2919 } else if (os_strncmp(buf, "RESEND_GROUP_M1 ", 16) == 0) { 2920 if (hostapd_ctrl_resend_group_m1(hapd, buf + 16) < 0) 2921 reply_len = -1; 2922 #endif /* CONFIG_TESTING_OPTIONS */ 2923 } else if (os_strncmp(buf, "CHAN_SWITCH ", 12) == 0) { 2924 if (hostapd_ctrl_iface_chan_switch(hapd->iface, buf + 12)) 2925 reply_len = -1; 2926 } else if (os_strncmp(buf, "VENDOR ", 7) == 0) { 2927 reply_len = hostapd_ctrl_iface_vendor(hapd, buf + 7, reply, 2928 reply_size); 2929 } else if (os_strcmp(buf, "ERP_FLUSH") == 0) { 2930 ieee802_1x_erp_flush(hapd); 2931 #ifdef RADIUS_SERVER 2932 radius_server_erp_flush(hapd->radius_srv); 2933 #endif /* RADIUS_SERVER */ 2934 } else if (os_strncmp(buf, "EAPOL_REAUTH ", 13) == 0) { 2935 if (hostapd_ctrl_iface_eapol_reauth(hapd, buf + 13)) 2936 reply_len = -1; 2937 } else if (os_strncmp(buf, "EAPOL_SET ", 10) == 0) { 2938 if (hostapd_ctrl_iface_eapol_set(hapd, buf + 10)) 2939 reply_len = -1; 2940 } else if (os_strncmp(buf, "LOG_LEVEL", 9) == 0) { 2941 reply_len = hostapd_ctrl_iface_log_level( 2942 hapd, buf + 9, reply, reply_size); 2943 #ifdef NEED_AP_MLME 2944 } else if (os_strcmp(buf, "TRACK_STA_LIST") == 0) { 2945 reply_len = hostapd_ctrl_iface_track_sta_list( 2946 hapd, reply, reply_size); 2947 #endif /* NEED_AP_MLME */ 2948 } else if (os_strcmp(buf, "PMKSA") == 0) { 2949 reply_len = hostapd_ctrl_iface_pmksa_list(hapd, reply, 2950 reply_size); 2951 } else if (os_strcmp(buf, "PMKSA_FLUSH") == 0) { 2952 hostapd_ctrl_iface_pmksa_flush(hapd); 2953 } else if (os_strncmp(buf, "PMKSA_ADD ", 10) == 0) { 2954 if (hostapd_ctrl_iface_pmksa_add(hapd, buf + 10) < 0) 2955 reply_len = -1; 2956 } else if (os_strncmp(buf, "SET_NEIGHBOR ", 13) == 0) { 2957 if (hostapd_ctrl_iface_set_neighbor(hapd, buf + 13)) 2958 reply_len = -1; 2959 } else if (os_strncmp(buf, "REMOVE_NEIGHBOR ", 16) == 0) { 2960 if (hostapd_ctrl_iface_remove_neighbor(hapd, buf + 16)) 2961 reply_len = -1; 2962 } else if (os_strncmp(buf, "REQ_LCI ", 8) == 0) { 2963 if (hostapd_ctrl_iface_req_lci(hapd, buf + 8)) 2964 reply_len = -1; 2965 } else if (os_strncmp(buf, "REQ_RANGE ", 10) == 0) { 2966 if (hostapd_ctrl_iface_req_range(hapd, buf + 10)) 2967 reply_len = -1; 2968 } else if (os_strncmp(buf, "REQ_BEACON ", 11) == 0) { 2969 reply_len = hostapd_ctrl_iface_req_beacon(hapd, buf + 11, 2970 reply, reply_size); 2971 } else if (os_strcmp(buf, "DRIVER_FLAGS") == 0) { 2972 reply_len = hostapd_ctrl_driver_flags(hapd->iface, reply, 2973 reply_size); 2974 } else if (os_strcmp(buf, "TERMINATE") == 0) { 2975 eloop_terminate(); 2976 #ifdef CONFIG_DPP 2977 } else if (os_strncmp(buf, "DPP_QR_CODE ", 12) == 0) { 2978 res = hostapd_dpp_qr_code(hapd, buf + 12); 2979 if (res < 0) { 2980 reply_len = -1; 2981 } else { 2982 reply_len = os_snprintf(reply, reply_size, "%d", res); 2983 if (os_snprintf_error(reply_size, reply_len)) 2984 reply_len = -1; 2985 } 2986 } else if (os_strncmp(buf, "DPP_BOOTSTRAP_GEN ", 18) == 0) { 2987 res = hostapd_dpp_bootstrap_gen(hapd, buf + 18); 2988 if (res < 0) { 2989 reply_len = -1; 2990 } else { 2991 reply_len = os_snprintf(reply, reply_size, "%d", res); 2992 if (os_snprintf_error(reply_size, reply_len)) 2993 reply_len = -1; 2994 } 2995 } else if (os_strncmp(buf, "DPP_BOOTSTRAP_REMOVE ", 21) == 0) { 2996 if (hostapd_dpp_bootstrap_remove(hapd, buf + 21) < 0) 2997 reply_len = -1; 2998 } else if (os_strncmp(buf, "DPP_BOOTSTRAP_GET_URI ", 22) == 0) { 2999 const char *uri; 3000 3001 uri = hostapd_dpp_bootstrap_get_uri(hapd, atoi(buf + 22)); 3002 if (!uri) { 3003 reply_len = -1; 3004 } else { 3005 reply_len = os_snprintf(reply, reply_size, "%s", uri); 3006 if (os_snprintf_error(reply_size, reply_len)) 3007 reply_len = -1; 3008 } 3009 } else if (os_strncmp(buf, "DPP_BOOTSTRAP_INFO ", 19) == 0) { 3010 reply_len = hostapd_dpp_bootstrap_info(hapd, atoi(buf + 19), 3011 reply, reply_size); 3012 } else if (os_strncmp(buf, "DPP_AUTH_INIT ", 14) == 0) { 3013 if (hostapd_dpp_auth_init(hapd, buf + 13) < 0) 3014 reply_len = -1; 3015 } else if (os_strncmp(buf, "DPP_CONFIGURATOR_ADD", 20) == 0) { 3016 res = hostapd_dpp_configurator_add(hapd, buf + 20); 3017 if (res < 0) { 3018 reply_len = -1; 3019 } else { 3020 reply_len = os_snprintf(reply, reply_size, "%d", res); 3021 if (os_snprintf_error(reply_size, reply_len)) 3022 reply_len = -1; 3023 } 3024 } else if (os_strncmp(buf, "DPP_CONFIGURATOR_REMOVE ", 24) == 0) { 3025 if (hostapd_dpp_configurator_remove(hapd, buf + 24) < 0) 3026 reply_len = -1; 3027 } else if (os_strncmp(buf, "DPP_PKEX_ADD ", 13) == 0) { 3028 res = hostapd_dpp_pkex_add(hapd, buf + 12); 3029 if (res < 0) { 3030 reply_len = -1; 3031 } else { 3032 reply_len = os_snprintf(reply, reply_size, "%d", res); 3033 if (os_snprintf_error(reply_size, reply_len)) 3034 reply_len = -1; 3035 } 3036 } else if (os_strncmp(buf, "DPP_PKEX_REMOVE ", 16) == 0) { 3037 if (hostapd_dpp_pkex_remove(hapd, buf + 16) < 0) 3038 reply_len = -1; 3039 #endif /* CONFIG_DPP */ 3040 } else { 3041 os_memcpy(reply, "UNKNOWN COMMAND\n", 16); 3042 reply_len = 16; 3043 } 3044 3045 if (reply_len < 0) { 3046 os_memcpy(reply, "FAIL\n", 5); 3047 reply_len = 5; 3048 } 3049 3050 return reply_len; 3051 } 3052 3053 3054 static void hostapd_ctrl_iface_receive(int sock, void *eloop_ctx, 3055 void *sock_ctx) 3056 { 3057 struct hostapd_data *hapd = eloop_ctx; 3058 char buf[4096]; 3059 int res; 3060 struct sockaddr_storage from; 3061 socklen_t fromlen = sizeof(from); 3062 char *reply, *pos = buf; 3063 const int reply_size = 4096; 3064 int reply_len; 3065 int level = MSG_DEBUG; 3066 #ifdef CONFIG_CTRL_IFACE_UDP 3067 unsigned char lcookie[COOKIE_LEN]; 3068 #endif /* CONFIG_CTRL_IFACE_UDP */ 3069 3070 res = recvfrom(sock, buf, sizeof(buf) - 1, 0, 3071 (struct sockaddr *) &from, &fromlen); 3072 if (res < 0) { 3073 wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s", 3074 strerror(errno)); 3075 return; 3076 } 3077 buf[res] = '\0'; 3078 3079 reply = os_malloc(reply_size); 3080 if (reply == NULL) { 3081 if (sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from, 3082 fromlen) < 0) { 3083 wpa_printf(MSG_DEBUG, "CTRL: sendto failed: %s", 3084 strerror(errno)); 3085 } 3086 return; 3087 } 3088 3089 #ifdef CONFIG_CTRL_IFACE_UDP 3090 if (os_strcmp(buf, "GET_COOKIE") == 0) { 3091 os_memcpy(reply, "COOKIE=", 7); 3092 wpa_snprintf_hex(reply + 7, 2 * COOKIE_LEN + 1, 3093 cookie, COOKIE_LEN); 3094 reply_len = 7 + 2 * COOKIE_LEN; 3095 goto done; 3096 } 3097 3098 if (os_strncmp(buf, "COOKIE=", 7) != 0 || 3099 hexstr2bin(buf + 7, lcookie, COOKIE_LEN) < 0) { 3100 wpa_printf(MSG_DEBUG, 3101 "CTRL: No cookie in the request - drop request"); 3102 os_free(reply); 3103 return; 3104 } 3105 3106 if (os_memcmp(cookie, lcookie, COOKIE_LEN) != 0) { 3107 wpa_printf(MSG_DEBUG, 3108 "CTRL: Invalid cookie in the request - drop request"); 3109 os_free(reply); 3110 return; 3111 } 3112 3113 pos = buf + 7 + 2 * COOKIE_LEN; 3114 while (*pos == ' ') 3115 pos++; 3116 #endif /* CONFIG_CTRL_IFACE_UDP */ 3117 3118 if (os_strcmp(pos, "PING") == 0) 3119 level = MSG_EXCESSIVE; 3120 wpa_hexdump_ascii(level, "RX ctrl_iface", pos, res); 3121 3122 reply_len = hostapd_ctrl_iface_receive_process(hapd, pos, 3123 reply, reply_size, 3124 &from, fromlen); 3125 3126 #ifdef CONFIG_CTRL_IFACE_UDP 3127 done: 3128 #endif /* CONFIG_CTRL_IFACE_UDP */ 3129 if (sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from, 3130 fromlen) < 0) { 3131 wpa_printf(MSG_DEBUG, "CTRL: sendto failed: %s", 3132 strerror(errno)); 3133 } 3134 os_free(reply); 3135 } 3136 3137 3138 #ifndef CONFIG_CTRL_IFACE_UDP 3139 static char * hostapd_ctrl_iface_path(struct hostapd_data *hapd) 3140 { 3141 char *buf; 3142 size_t len; 3143 3144 if (hapd->conf->ctrl_interface == NULL) 3145 return NULL; 3146 3147 len = os_strlen(hapd->conf->ctrl_interface) + 3148 os_strlen(hapd->conf->iface) + 2; 3149 buf = os_malloc(len); 3150 if (buf == NULL) 3151 return NULL; 3152 3153 os_snprintf(buf, len, "%s/%s", 3154 hapd->conf->ctrl_interface, hapd->conf->iface); 3155 buf[len - 1] = '\0'; 3156 return buf; 3157 } 3158 #endif /* CONFIG_CTRL_IFACE_UDP */ 3159 3160 3161 static void hostapd_ctrl_iface_msg_cb(void *ctx, int level, 3162 enum wpa_msg_type type, 3163 const char *txt, size_t len) 3164 { 3165 struct hostapd_data *hapd = ctx; 3166 if (hapd == NULL) 3167 return; 3168 hostapd_ctrl_iface_send(hapd, level, type, txt, len); 3169 } 3170 3171 3172 int hostapd_ctrl_iface_init(struct hostapd_data *hapd) 3173 { 3174 #ifdef CONFIG_CTRL_IFACE_UDP 3175 int port = HOSTAPD_CTRL_IFACE_PORT; 3176 char p[32] = { 0 }; 3177 char port_str[40], *tmp; 3178 char *pos; 3179 struct addrinfo hints = { 0 }, *res, *saveres; 3180 int n; 3181 3182 if (hapd->ctrl_sock > -1) { 3183 wpa_printf(MSG_DEBUG, "ctrl_iface already exists!"); 3184 return 0; 3185 } 3186 3187 if (hapd->conf->ctrl_interface == NULL) 3188 return 0; 3189 3190 pos = os_strstr(hapd->conf->ctrl_interface, "udp:"); 3191 if (pos) { 3192 pos += 4; 3193 port = atoi(pos); 3194 if (port <= 0) { 3195 wpa_printf(MSG_ERROR, "Invalid ctrl_iface UDP port"); 3196 goto fail; 3197 } 3198 } 3199 3200 dl_list_init(&hapd->ctrl_dst); 3201 hapd->ctrl_sock = -1; 3202 os_get_random(cookie, COOKIE_LEN); 3203 3204 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE 3205 hints.ai_flags = AI_PASSIVE; 3206 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */ 3207 3208 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6 3209 hints.ai_family = AF_INET6; 3210 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */ 3211 hints.ai_family = AF_INET; 3212 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */ 3213 hints.ai_socktype = SOCK_DGRAM; 3214 3215 try_again: 3216 os_snprintf(p, sizeof(p), "%d", port); 3217 n = getaddrinfo(NULL, p, &hints, &res); 3218 if (n) { 3219 wpa_printf(MSG_ERROR, "getaddrinfo(): %s", gai_strerror(n)); 3220 goto fail; 3221 } 3222 3223 saveres = res; 3224 hapd->ctrl_sock = socket(res->ai_family, res->ai_socktype, 3225 res->ai_protocol); 3226 if (hapd->ctrl_sock < 0) { 3227 wpa_printf(MSG_ERROR, "socket(PF_INET): %s", strerror(errno)); 3228 goto fail; 3229 } 3230 3231 if (bind(hapd->ctrl_sock, res->ai_addr, res->ai_addrlen) < 0) { 3232 port--; 3233 if ((HOSTAPD_CTRL_IFACE_PORT - port) < 3234 HOSTAPD_CTRL_IFACE_PORT_LIMIT && !pos) 3235 goto try_again; 3236 wpa_printf(MSG_ERROR, "bind(AF_INET): %s", strerror(errno)); 3237 goto fail; 3238 } 3239 3240 freeaddrinfo(saveres); 3241 3242 os_snprintf(port_str, sizeof(port_str), "udp:%d", port); 3243 tmp = os_strdup(port_str); 3244 if (tmp) { 3245 os_free(hapd->conf->ctrl_interface); 3246 hapd->conf->ctrl_interface = tmp; 3247 } 3248 wpa_printf(MSG_DEBUG, "ctrl_iface_init UDP port: %d", port); 3249 3250 if (eloop_register_read_sock(hapd->ctrl_sock, 3251 hostapd_ctrl_iface_receive, hapd, NULL) < 3252 0) { 3253 hostapd_ctrl_iface_deinit(hapd); 3254 return -1; 3255 } 3256 3257 hapd->msg_ctx = hapd; 3258 wpa_msg_register_cb(hostapd_ctrl_iface_msg_cb); 3259 3260 return 0; 3261 3262 fail: 3263 if (hapd->ctrl_sock >= 0) 3264 close(hapd->ctrl_sock); 3265 return -1; 3266 #else /* CONFIG_CTRL_IFACE_UDP */ 3267 struct sockaddr_un addr; 3268 int s = -1; 3269 char *fname = NULL; 3270 3271 if (hapd->ctrl_sock > -1) { 3272 wpa_printf(MSG_DEBUG, "ctrl_iface already exists!"); 3273 return 0; 3274 } 3275 3276 dl_list_init(&hapd->ctrl_dst); 3277 3278 if (hapd->conf->ctrl_interface == NULL) 3279 return 0; 3280 3281 if (mkdir(hapd->conf->ctrl_interface, S_IRWXU | S_IRWXG) < 0) { 3282 if (errno == EEXIST) { 3283 wpa_printf(MSG_DEBUG, "Using existing control " 3284 "interface directory."); 3285 } else { 3286 wpa_printf(MSG_ERROR, "mkdir[ctrl_interface]: %s", 3287 strerror(errno)); 3288 goto fail; 3289 } 3290 } 3291 3292 if (hapd->conf->ctrl_interface_gid_set && 3293 chown(hapd->conf->ctrl_interface, -1, 3294 hapd->conf->ctrl_interface_gid) < 0) { 3295 wpa_printf(MSG_ERROR, "chown[ctrl_interface]: %s", 3296 strerror(errno)); 3297 return -1; 3298 } 3299 3300 if (!hapd->conf->ctrl_interface_gid_set && 3301 hapd->iface->interfaces->ctrl_iface_group && 3302 chown(hapd->conf->ctrl_interface, -1, 3303 hapd->iface->interfaces->ctrl_iface_group) < 0) { 3304 wpa_printf(MSG_ERROR, "chown[ctrl_interface]: %s", 3305 strerror(errno)); 3306 return -1; 3307 } 3308 3309 #ifdef ANDROID 3310 /* 3311 * Android is using umask 0077 which would leave the control interface 3312 * directory without group access. This breaks things since Wi-Fi 3313 * framework assumes that this directory can be accessed by other 3314 * applications in the wifi group. Fix this by adding group access even 3315 * if umask value would prevent this. 3316 */ 3317 if (chmod(hapd->conf->ctrl_interface, S_IRWXU | S_IRWXG) < 0) { 3318 wpa_printf(MSG_ERROR, "CTRL: Could not chmod directory: %s", 3319 strerror(errno)); 3320 /* Try to continue anyway */ 3321 } 3322 #endif /* ANDROID */ 3323 3324 if (os_strlen(hapd->conf->ctrl_interface) + 1 + 3325 os_strlen(hapd->conf->iface) >= sizeof(addr.sun_path)) 3326 goto fail; 3327 3328 s = socket(PF_UNIX, SOCK_DGRAM, 0); 3329 if (s < 0) { 3330 wpa_printf(MSG_ERROR, "socket(PF_UNIX): %s", strerror(errno)); 3331 goto fail; 3332 } 3333 3334 os_memset(&addr, 0, sizeof(addr)); 3335 #ifdef __FreeBSD__ 3336 addr.sun_len = sizeof(addr); 3337 #endif /* __FreeBSD__ */ 3338 addr.sun_family = AF_UNIX; 3339 fname = hostapd_ctrl_iface_path(hapd); 3340 if (fname == NULL) 3341 goto fail; 3342 os_strlcpy(addr.sun_path, fname, sizeof(addr.sun_path)); 3343 if (bind(s, (struct sockaddr *) &addr, sizeof(addr)) < 0) { 3344 wpa_printf(MSG_DEBUG, "ctrl_iface bind(PF_UNIX) failed: %s", 3345 strerror(errno)); 3346 if (connect(s, (struct sockaddr *) &addr, sizeof(addr)) < 0) { 3347 wpa_printf(MSG_DEBUG, "ctrl_iface exists, but does not" 3348 " allow connections - assuming it was left" 3349 "over from forced program termination"); 3350 if (unlink(fname) < 0) { 3351 wpa_printf(MSG_ERROR, 3352 "Could not unlink existing ctrl_iface socket '%s': %s", 3353 fname, strerror(errno)); 3354 goto fail; 3355 } 3356 if (bind(s, (struct sockaddr *) &addr, sizeof(addr)) < 3357 0) { 3358 wpa_printf(MSG_ERROR, 3359 "hostapd-ctrl-iface: bind(PF_UNIX): %s", 3360 strerror(errno)); 3361 goto fail; 3362 } 3363 wpa_printf(MSG_DEBUG, "Successfully replaced leftover " 3364 "ctrl_iface socket '%s'", fname); 3365 } else { 3366 wpa_printf(MSG_INFO, "ctrl_iface exists and seems to " 3367 "be in use - cannot override it"); 3368 wpa_printf(MSG_INFO, "Delete '%s' manually if it is " 3369 "not used anymore", fname); 3370 os_free(fname); 3371 fname = NULL; 3372 goto fail; 3373 } 3374 } 3375 3376 if (hapd->conf->ctrl_interface_gid_set && 3377 chown(fname, -1, hapd->conf->ctrl_interface_gid) < 0) { 3378 wpa_printf(MSG_ERROR, "chown[ctrl_interface/ifname]: %s", 3379 strerror(errno)); 3380 goto fail; 3381 } 3382 3383 if (!hapd->conf->ctrl_interface_gid_set && 3384 hapd->iface->interfaces->ctrl_iface_group && 3385 chown(fname, -1, hapd->iface->interfaces->ctrl_iface_group) < 0) { 3386 wpa_printf(MSG_ERROR, "chown[ctrl_interface/ifname]: %s", 3387 strerror(errno)); 3388 goto fail; 3389 } 3390 3391 if (chmod(fname, S_IRWXU | S_IRWXG) < 0) { 3392 wpa_printf(MSG_ERROR, "chmod[ctrl_interface/ifname]: %s", 3393 strerror(errno)); 3394 goto fail; 3395 } 3396 os_free(fname); 3397 3398 hapd->ctrl_sock = s; 3399 if (eloop_register_read_sock(s, hostapd_ctrl_iface_receive, hapd, 3400 NULL) < 0) { 3401 hostapd_ctrl_iface_deinit(hapd); 3402 return -1; 3403 } 3404 hapd->msg_ctx = hapd; 3405 wpa_msg_register_cb(hostapd_ctrl_iface_msg_cb); 3406 3407 return 0; 3408 3409 fail: 3410 if (s >= 0) 3411 close(s); 3412 if (fname) { 3413 unlink(fname); 3414 os_free(fname); 3415 } 3416 return -1; 3417 #endif /* CONFIG_CTRL_IFACE_UDP */ 3418 } 3419 3420 3421 void hostapd_ctrl_iface_deinit(struct hostapd_data *hapd) 3422 { 3423 struct wpa_ctrl_dst *dst, *prev; 3424 3425 if (hapd->ctrl_sock > -1) { 3426 #ifndef CONFIG_CTRL_IFACE_UDP 3427 char *fname; 3428 #endif /* !CONFIG_CTRL_IFACE_UDP */ 3429 3430 eloop_unregister_read_sock(hapd->ctrl_sock); 3431 close(hapd->ctrl_sock); 3432 hapd->ctrl_sock = -1; 3433 #ifndef CONFIG_CTRL_IFACE_UDP 3434 fname = hostapd_ctrl_iface_path(hapd); 3435 if (fname) 3436 unlink(fname); 3437 os_free(fname); 3438 3439 if (hapd->conf->ctrl_interface && 3440 rmdir(hapd->conf->ctrl_interface) < 0) { 3441 if (errno == ENOTEMPTY) { 3442 wpa_printf(MSG_DEBUG, "Control interface " 3443 "directory not empty - leaving it " 3444 "behind"); 3445 } else { 3446 wpa_printf(MSG_ERROR, 3447 "rmdir[ctrl_interface=%s]: %s", 3448 hapd->conf->ctrl_interface, 3449 strerror(errno)); 3450 } 3451 } 3452 #endif /* !CONFIG_CTRL_IFACE_UDP */ 3453 } 3454 3455 dl_list_for_each_safe(dst, prev, &hapd->ctrl_dst, struct wpa_ctrl_dst, 3456 list) 3457 os_free(dst); 3458 3459 #ifdef CONFIG_TESTING_OPTIONS 3460 l2_packet_deinit(hapd->l2_test); 3461 hapd->l2_test = NULL; 3462 #endif /* CONFIG_TESTING_OPTIONS */ 3463 } 3464 3465 3466 static int hostapd_ctrl_iface_add(struct hapd_interfaces *interfaces, 3467 char *buf) 3468 { 3469 if (hostapd_add_iface(interfaces, buf) < 0) { 3470 wpa_printf(MSG_ERROR, "Adding interface %s failed", buf); 3471 return -1; 3472 } 3473 return 0; 3474 } 3475 3476 3477 static int hostapd_ctrl_iface_remove(struct hapd_interfaces *interfaces, 3478 char *buf) 3479 { 3480 if (hostapd_remove_iface(interfaces, buf) < 0) { 3481 wpa_printf(MSG_ERROR, "Removing interface %s failed", buf); 3482 return -1; 3483 } 3484 return 0; 3485 } 3486 3487 3488 static int hostapd_global_ctrl_iface_attach(struct hapd_interfaces *interfaces, 3489 struct sockaddr_storage *from, 3490 socklen_t fromlen) 3491 { 3492 return ctrl_iface_attach(&interfaces->global_ctrl_dst, from, fromlen); 3493 } 3494 3495 3496 static int hostapd_global_ctrl_iface_detach(struct hapd_interfaces *interfaces, 3497 struct sockaddr_storage *from, 3498 socklen_t fromlen) 3499 { 3500 return ctrl_iface_detach(&interfaces->global_ctrl_dst, from, fromlen); 3501 } 3502 3503 3504 static void hostapd_ctrl_iface_flush(struct hapd_interfaces *interfaces) 3505 { 3506 #ifdef CONFIG_WPS_TESTING 3507 wps_version_number = 0x20; 3508 wps_testing_dummy_cred = 0; 3509 wps_corrupt_pkhash = 0; 3510 #endif /* CONFIG_WPS_TESTING */ 3511 } 3512 3513 3514 #ifdef CONFIG_FST 3515 3516 static int 3517 hostapd_global_ctrl_iface_fst_attach(struct hapd_interfaces *interfaces, 3518 const char *cmd) 3519 { 3520 char ifname[IFNAMSIZ + 1]; 3521 struct fst_iface_cfg cfg; 3522 struct hostapd_data *hapd; 3523 struct fst_wpa_obj iface_obj; 3524 3525 if (!fst_parse_attach_command(cmd, ifname, sizeof(ifname), &cfg)) { 3526 hapd = hostapd_get_iface(interfaces, ifname); 3527 if (hapd) { 3528 if (hapd->iface->fst) { 3529 wpa_printf(MSG_INFO, "FST: Already attached"); 3530 return -1; 3531 } 3532 fst_hostapd_fill_iface_obj(hapd, &iface_obj); 3533 hapd->iface->fst = fst_attach(ifname, hapd->own_addr, 3534 &iface_obj, &cfg); 3535 if (hapd->iface->fst) 3536 return 0; 3537 } 3538 } 3539 3540 return -EINVAL; 3541 } 3542 3543 3544 static int 3545 hostapd_global_ctrl_iface_fst_detach(struct hapd_interfaces *interfaces, 3546 const char *cmd) 3547 { 3548 char ifname[IFNAMSIZ + 1]; 3549 struct hostapd_data * hapd; 3550 3551 if (!fst_parse_detach_command(cmd, ifname, sizeof(ifname))) { 3552 hapd = hostapd_get_iface(interfaces, ifname); 3553 if (hapd) { 3554 if (!fst_iface_detach(ifname)) { 3555 hapd->iface->fst = NULL; 3556 hapd->iface->fst_ies = NULL; 3557 return 0; 3558 } 3559 } 3560 } 3561 3562 return -EINVAL; 3563 } 3564 3565 #endif /* CONFIG_FST */ 3566 3567 3568 static struct hostapd_data * 3569 hostapd_interfaces_get_hapd(struct hapd_interfaces *interfaces, 3570 const char *ifname) 3571 { 3572 size_t i, j; 3573 3574 for (i = 0; i < interfaces->count; i++) { 3575 struct hostapd_iface *iface = interfaces->iface[i]; 3576 3577 for (j = 0; j < iface->num_bss; j++) { 3578 struct hostapd_data *hapd; 3579 3580 hapd = iface->bss[j]; 3581 if (os_strcmp(ifname, hapd->conf->iface) == 0) 3582 return hapd; 3583 } 3584 } 3585 3586 return NULL; 3587 } 3588 3589 3590 static int hostapd_ctrl_iface_dup_param(struct hostapd_data *src_hapd, 3591 struct hostapd_data *dst_hapd, 3592 const char *param) 3593 { 3594 int res; 3595 char *value; 3596 3597 value = os_zalloc(HOSTAPD_CLI_DUP_VALUE_MAX_LEN); 3598 if (!value) { 3599 wpa_printf(MSG_ERROR, 3600 "DUP: cannot allocate buffer to stringify %s", 3601 param); 3602 goto error_return; 3603 } 3604 3605 if (os_strcmp(param, "wpa") == 0) { 3606 os_snprintf(value, HOSTAPD_CLI_DUP_VALUE_MAX_LEN, "%d", 3607 src_hapd->conf->wpa); 3608 } else if (os_strcmp(param, "wpa_key_mgmt") == 0 && 3609 src_hapd->conf->wpa_key_mgmt) { 3610 res = hostapd_ctrl_iface_get_key_mgmt( 3611 src_hapd, value, HOSTAPD_CLI_DUP_VALUE_MAX_LEN); 3612 if (os_snprintf_error(HOSTAPD_CLI_DUP_VALUE_MAX_LEN, res)) 3613 goto error_stringify; 3614 } else if (os_strcmp(param, "wpa_pairwise") == 0 && 3615 src_hapd->conf->wpa_pairwise) { 3616 res = wpa_write_ciphers(value, 3617 value + HOSTAPD_CLI_DUP_VALUE_MAX_LEN, 3618 src_hapd->conf->wpa_pairwise, " "); 3619 if (res < 0) 3620 goto error_stringify; 3621 } else if (os_strcmp(param, "rsn_pairwise") == 0 && 3622 src_hapd->conf->rsn_pairwise) { 3623 res = wpa_write_ciphers(value, 3624 value + HOSTAPD_CLI_DUP_VALUE_MAX_LEN, 3625 src_hapd->conf->rsn_pairwise, " "); 3626 if (res < 0) 3627 goto error_stringify; 3628 } else if (os_strcmp(param, "wpa_passphrase") == 0 && 3629 src_hapd->conf->ssid.wpa_passphrase) { 3630 os_snprintf(value, HOSTAPD_CLI_DUP_VALUE_MAX_LEN, "%s", 3631 src_hapd->conf->ssid.wpa_passphrase); 3632 } else if (os_strcmp(param, "wpa_psk") == 0 && 3633 src_hapd->conf->ssid.wpa_psk_set) { 3634 wpa_snprintf_hex(value, HOSTAPD_CLI_DUP_VALUE_MAX_LEN, 3635 src_hapd->conf->ssid.wpa_psk->psk, PMK_LEN); 3636 } else { 3637 wpa_printf(MSG_WARNING, "DUP: %s cannot be duplicated", param); 3638 goto error_return; 3639 } 3640 3641 res = hostapd_set_iface(dst_hapd->iconf, dst_hapd->conf, param, value); 3642 os_free(value); 3643 return res; 3644 3645 error_stringify: 3646 wpa_printf(MSG_ERROR, "DUP: cannot stringify %s", param); 3647 error_return: 3648 os_free(value); 3649 return -1; 3650 } 3651 3652 3653 static int 3654 hostapd_global_ctrl_iface_interfaces(struct hapd_interfaces *interfaces, 3655 const char *input, 3656 char *reply, int reply_size) 3657 { 3658 size_t i, j; 3659 int res; 3660 char *pos, *end; 3661 struct hostapd_iface *iface; 3662 int show_ctrl = 0; 3663 3664 if (input) 3665 show_ctrl = !!os_strstr(input, "ctrl"); 3666 3667 pos = reply; 3668 end = reply + reply_size; 3669 3670 for (i = 0; i < interfaces->count; i++) { 3671 iface = interfaces->iface[i]; 3672 3673 for (j = 0; j < iface->num_bss; j++) { 3674 struct hostapd_bss_config *conf; 3675 3676 conf = iface->conf->bss[j]; 3677 if (show_ctrl) 3678 res = os_snprintf(pos, end - pos, 3679 "%s ctrl_iface=%s\n", 3680 conf->iface, 3681 conf->ctrl_interface ? 3682 conf->ctrl_interface : "N/A"); 3683 else 3684 res = os_snprintf(pos, end - pos, "%s\n", 3685 conf->iface); 3686 if (os_snprintf_error(end - pos, res)) { 3687 *pos = '\0'; 3688 return pos - reply; 3689 } 3690 pos += res; 3691 } 3692 } 3693 3694 return pos - reply; 3695 } 3696 3697 3698 static int 3699 hostapd_global_ctrl_iface_dup_network(struct hapd_interfaces *interfaces, 3700 char *cmd) 3701 { 3702 char *p_start = cmd, *p_end; 3703 struct hostapd_data *src_hapd, *dst_hapd; 3704 3705 /* cmd: "<src ifname> <dst ifname> <variable name> */ 3706 3707 p_end = os_strchr(p_start, ' '); 3708 if (!p_end) { 3709 wpa_printf(MSG_ERROR, "DUP: no src ifname found in cmd: '%s'", 3710 cmd); 3711 return -1; 3712 } 3713 3714 *p_end = '\0'; 3715 src_hapd = hostapd_interfaces_get_hapd(interfaces, p_start); 3716 if (!src_hapd) { 3717 wpa_printf(MSG_ERROR, "DUP: no src ifname found: '%s'", 3718 p_start); 3719 return -1; 3720 } 3721 3722 p_start = p_end + 1; 3723 p_end = os_strchr(p_start, ' '); 3724 if (!p_end) { 3725 wpa_printf(MSG_ERROR, "DUP: no dst ifname found in cmd: '%s'", 3726 cmd); 3727 return -1; 3728 } 3729 3730 *p_end = '\0'; 3731 dst_hapd = hostapd_interfaces_get_hapd(interfaces, p_start); 3732 if (!dst_hapd) { 3733 wpa_printf(MSG_ERROR, "DUP: no dst ifname found: '%s'", 3734 p_start); 3735 return -1; 3736 } 3737 3738 p_start = p_end + 1; 3739 return hostapd_ctrl_iface_dup_param(src_hapd, dst_hapd, p_start); 3740 } 3741 3742 3743 static int hostapd_global_ctrl_iface_ifname(struct hapd_interfaces *interfaces, 3744 const char *ifname, 3745 char *buf, char *reply, 3746 int reply_size, 3747 struct sockaddr_storage *from, 3748 socklen_t fromlen) 3749 { 3750 struct hostapd_data *hapd; 3751 3752 hapd = hostapd_interfaces_get_hapd(interfaces, ifname); 3753 if (hapd == NULL) { 3754 int res; 3755 3756 res = os_snprintf(reply, reply_size, "FAIL-NO-IFNAME-MATCH\n"); 3757 if (os_snprintf_error(reply_size, res)) 3758 return -1; 3759 return res; 3760 } 3761 3762 return hostapd_ctrl_iface_receive_process(hapd, buf, reply,reply_size, 3763 from, fromlen); 3764 } 3765 3766 3767 static void hostapd_global_ctrl_iface_receive(int sock, void *eloop_ctx, 3768 void *sock_ctx) 3769 { 3770 void *interfaces = eloop_ctx; 3771 char buffer[256], *buf = buffer; 3772 int res; 3773 struct sockaddr_storage from; 3774 socklen_t fromlen = sizeof(from); 3775 char *reply; 3776 int reply_len; 3777 const int reply_size = 4096; 3778 #ifdef CONFIG_CTRL_IFACE_UDP 3779 unsigned char lcookie[COOKIE_LEN]; 3780 #endif /* CONFIG_CTRL_IFACE_UDP */ 3781 3782 res = recvfrom(sock, buffer, sizeof(buffer) - 1, 0, 3783 (struct sockaddr *) &from, &fromlen); 3784 if (res < 0) { 3785 wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s", 3786 strerror(errno)); 3787 return; 3788 } 3789 buf[res] = '\0'; 3790 wpa_printf(MSG_DEBUG, "Global ctrl_iface command: %s", buf); 3791 3792 reply = os_malloc(reply_size); 3793 if (reply == NULL) { 3794 if (sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from, 3795 fromlen) < 0) { 3796 wpa_printf(MSG_DEBUG, "CTRL: sendto failed: %s", 3797 strerror(errno)); 3798 } 3799 return; 3800 } 3801 3802 os_memcpy(reply, "OK\n", 3); 3803 reply_len = 3; 3804 3805 #ifdef CONFIG_CTRL_IFACE_UDP 3806 if (os_strcmp(buf, "GET_COOKIE") == 0) { 3807 os_memcpy(reply, "COOKIE=", 7); 3808 wpa_snprintf_hex(reply + 7, 2 * COOKIE_LEN + 1, 3809 gcookie, COOKIE_LEN); 3810 reply_len = 7 + 2 * COOKIE_LEN; 3811 goto send_reply; 3812 } 3813 3814 if (os_strncmp(buf, "COOKIE=", 7) != 0 || 3815 hexstr2bin(buf + 7, lcookie, COOKIE_LEN) < 0) { 3816 wpa_printf(MSG_DEBUG, 3817 "CTRL: No cookie in the request - drop request"); 3818 os_free(reply); 3819 return; 3820 } 3821 3822 if (os_memcmp(gcookie, lcookie, COOKIE_LEN) != 0) { 3823 wpa_printf(MSG_DEBUG, 3824 "CTRL: Invalid cookie in the request - drop request"); 3825 os_free(reply); 3826 return; 3827 } 3828 3829 buf += 7 + 2 * COOKIE_LEN; 3830 while (*buf == ' ') 3831 buf++; 3832 #endif /* CONFIG_CTRL_IFACE_UDP */ 3833 3834 if (os_strncmp(buf, "IFNAME=", 7) == 0) { 3835 char *pos = os_strchr(buf + 7, ' '); 3836 3837 if (pos) { 3838 *pos++ = '\0'; 3839 reply_len = hostapd_global_ctrl_iface_ifname( 3840 interfaces, buf + 7, pos, reply, reply_size, 3841 &from, fromlen); 3842 goto send_reply; 3843 } 3844 } 3845 3846 if (os_strcmp(buf, "PING") == 0) { 3847 os_memcpy(reply, "PONG\n", 5); 3848 reply_len = 5; 3849 } else if (os_strncmp(buf, "RELOG", 5) == 0) { 3850 if (wpa_debug_reopen_file() < 0) 3851 reply_len = -1; 3852 } else if (os_strcmp(buf, "FLUSH") == 0) { 3853 hostapd_ctrl_iface_flush(interfaces); 3854 } else if (os_strncmp(buf, "ADD ", 4) == 0) { 3855 if (hostapd_ctrl_iface_add(interfaces, buf + 4) < 0) 3856 reply_len = -1; 3857 } else if (os_strncmp(buf, "REMOVE ", 7) == 0) { 3858 if (hostapd_ctrl_iface_remove(interfaces, buf + 7) < 0) 3859 reply_len = -1; 3860 } else if (os_strcmp(buf, "ATTACH") == 0) { 3861 if (hostapd_global_ctrl_iface_attach(interfaces, &from, 3862 fromlen)) 3863 reply_len = -1; 3864 } else if (os_strcmp(buf, "DETACH") == 0) { 3865 if (hostapd_global_ctrl_iface_detach(interfaces, &from, 3866 fromlen)) 3867 reply_len = -1; 3868 #ifdef CONFIG_MODULE_TESTS 3869 } else if (os_strcmp(buf, "MODULE_TESTS") == 0) { 3870 if (hapd_module_tests() < 0) 3871 reply_len = -1; 3872 #endif /* CONFIG_MODULE_TESTS */ 3873 #ifdef CONFIG_FST 3874 } else if (os_strncmp(buf, "FST-ATTACH ", 11) == 0) { 3875 if (!hostapd_global_ctrl_iface_fst_attach(interfaces, buf + 11)) 3876 reply_len = os_snprintf(reply, reply_size, "OK\n"); 3877 else 3878 reply_len = -1; 3879 } else if (os_strncmp(buf, "FST-DETACH ", 11) == 0) { 3880 if (!hostapd_global_ctrl_iface_fst_detach(interfaces, buf + 11)) 3881 reply_len = os_snprintf(reply, reply_size, "OK\n"); 3882 else 3883 reply_len = -1; 3884 } else if (os_strncmp(buf, "FST-MANAGER ", 12) == 0) { 3885 reply_len = fst_ctrl_iface_receive(buf + 12, reply, reply_size); 3886 #endif /* CONFIG_FST */ 3887 } else if (os_strncmp(buf, "DUP_NETWORK ", 12) == 0) { 3888 if (!hostapd_global_ctrl_iface_dup_network(interfaces, 3889 buf + 12)) 3890 reply_len = os_snprintf(reply, reply_size, "OK\n"); 3891 else 3892 reply_len = -1; 3893 } else if (os_strncmp(buf, "INTERFACES", 10) == 0) { 3894 reply_len = hostapd_global_ctrl_iface_interfaces( 3895 interfaces, buf + 10, reply, sizeof(buffer)); 3896 } else if (os_strcmp(buf, "TERMINATE") == 0) { 3897 eloop_terminate(); 3898 } else { 3899 wpa_printf(MSG_DEBUG, "Unrecognized global ctrl_iface command " 3900 "ignored"); 3901 reply_len = -1; 3902 } 3903 3904 send_reply: 3905 if (reply_len < 0) { 3906 os_memcpy(reply, "FAIL\n", 5); 3907 reply_len = 5; 3908 } 3909 3910 if (sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from, 3911 fromlen) < 0) { 3912 wpa_printf(MSG_DEBUG, "CTRL: sendto failed: %s", 3913 strerror(errno)); 3914 } 3915 os_free(reply); 3916 } 3917 3918 3919 #ifndef CONFIG_CTRL_IFACE_UDP 3920 static char * hostapd_global_ctrl_iface_path(struct hapd_interfaces *interface) 3921 { 3922 char *buf; 3923 size_t len; 3924 3925 if (interface->global_iface_path == NULL) 3926 return NULL; 3927 3928 len = os_strlen(interface->global_iface_path) + 3929 os_strlen(interface->global_iface_name) + 2; 3930 buf = os_malloc(len); 3931 if (buf == NULL) 3932 return NULL; 3933 3934 os_snprintf(buf, len, "%s/%s", interface->global_iface_path, 3935 interface->global_iface_name); 3936 buf[len - 1] = '\0'; 3937 return buf; 3938 } 3939 #endif /* CONFIG_CTRL_IFACE_UDP */ 3940 3941 3942 int hostapd_global_ctrl_iface_init(struct hapd_interfaces *interface) 3943 { 3944 #ifdef CONFIG_CTRL_IFACE_UDP 3945 int port = HOSTAPD_GLOBAL_CTRL_IFACE_PORT; 3946 char p[32] = { 0 }; 3947 char *pos; 3948 struct addrinfo hints = { 0 }, *res, *saveres; 3949 int n; 3950 3951 if (interface->global_ctrl_sock > -1) { 3952 wpa_printf(MSG_DEBUG, "ctrl_iface already exists!"); 3953 return 0; 3954 } 3955 3956 if (interface->global_iface_path == NULL) 3957 return 0; 3958 3959 pos = os_strstr(interface->global_iface_path, "udp:"); 3960 if (pos) { 3961 pos += 4; 3962 port = atoi(pos); 3963 if (port <= 0) { 3964 wpa_printf(MSG_ERROR, "Invalid global ctrl UDP port"); 3965 goto fail; 3966 } 3967 } 3968 3969 os_get_random(gcookie, COOKIE_LEN); 3970 3971 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE 3972 hints.ai_flags = AI_PASSIVE; 3973 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */ 3974 3975 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6 3976 hints.ai_family = AF_INET6; 3977 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */ 3978 hints.ai_family = AF_INET; 3979 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */ 3980 hints.ai_socktype = SOCK_DGRAM; 3981 3982 try_again: 3983 os_snprintf(p, sizeof(p), "%d", port); 3984 n = getaddrinfo(NULL, p, &hints, &res); 3985 if (n) { 3986 wpa_printf(MSG_ERROR, "getaddrinfo(): %s", gai_strerror(n)); 3987 goto fail; 3988 } 3989 3990 saveres = res; 3991 interface->global_ctrl_sock = socket(res->ai_family, res->ai_socktype, 3992 res->ai_protocol); 3993 if (interface->global_ctrl_sock < 0) { 3994 wpa_printf(MSG_ERROR, "socket(PF_INET): %s", strerror(errno)); 3995 goto fail; 3996 } 3997 3998 if (bind(interface->global_ctrl_sock, res->ai_addr, res->ai_addrlen) < 3999 0) { 4000 port++; 4001 if ((port - HOSTAPD_GLOBAL_CTRL_IFACE_PORT) < 4002 HOSTAPD_GLOBAL_CTRL_IFACE_PORT_LIMIT && !pos) 4003 goto try_again; 4004 wpa_printf(MSG_ERROR, "bind(AF_INET): %s", strerror(errno)); 4005 goto fail; 4006 } 4007 4008 freeaddrinfo(saveres); 4009 4010 wpa_printf(MSG_DEBUG, "global ctrl_iface_init UDP port: %d", port); 4011 4012 if (eloop_register_read_sock(interface->global_ctrl_sock, 4013 hostapd_global_ctrl_iface_receive, 4014 interface, NULL) < 0) { 4015 hostapd_global_ctrl_iface_deinit(interface); 4016 return -1; 4017 } 4018 4019 return 0; 4020 4021 fail: 4022 if (interface->global_ctrl_sock >= 0) 4023 close(interface->global_ctrl_sock); 4024 return -1; 4025 #else /* CONFIG_CTRL_IFACE_UDP */ 4026 struct sockaddr_un addr; 4027 int s = -1; 4028 char *fname = NULL; 4029 4030 if (interface->global_iface_path == NULL) { 4031 wpa_printf(MSG_DEBUG, "ctrl_iface not configured!"); 4032 return 0; 4033 } 4034 4035 if (mkdir(interface->global_iface_path, S_IRWXU | S_IRWXG) < 0) { 4036 if (errno == EEXIST) { 4037 wpa_printf(MSG_DEBUG, "Using existing control " 4038 "interface directory."); 4039 } else { 4040 wpa_printf(MSG_ERROR, "mkdir[ctrl_interface]: %s", 4041 strerror(errno)); 4042 goto fail; 4043 } 4044 } else if (interface->ctrl_iface_group && 4045 chown(interface->global_iface_path, -1, 4046 interface->ctrl_iface_group) < 0) { 4047 wpa_printf(MSG_ERROR, "chown[ctrl_interface]: %s", 4048 strerror(errno)); 4049 goto fail; 4050 } 4051 4052 if (os_strlen(interface->global_iface_path) + 1 + 4053 os_strlen(interface->global_iface_name) >= sizeof(addr.sun_path)) 4054 goto fail; 4055 4056 s = socket(PF_UNIX, SOCK_DGRAM, 0); 4057 if (s < 0) { 4058 wpa_printf(MSG_ERROR, "socket(PF_UNIX): %s", strerror(errno)); 4059 goto fail; 4060 } 4061 4062 os_memset(&addr, 0, sizeof(addr)); 4063 #ifdef __FreeBSD__ 4064 addr.sun_len = sizeof(addr); 4065 #endif /* __FreeBSD__ */ 4066 addr.sun_family = AF_UNIX; 4067 fname = hostapd_global_ctrl_iface_path(interface); 4068 if (fname == NULL) 4069 goto fail; 4070 os_strlcpy(addr.sun_path, fname, sizeof(addr.sun_path)); 4071 if (bind(s, (struct sockaddr *) &addr, sizeof(addr)) < 0) { 4072 wpa_printf(MSG_DEBUG, "ctrl_iface bind(PF_UNIX) failed: %s", 4073 strerror(errno)); 4074 if (connect(s, (struct sockaddr *) &addr, sizeof(addr)) < 0) { 4075 wpa_printf(MSG_DEBUG, "ctrl_iface exists, but does not" 4076 " allow connections - assuming it was left" 4077 "over from forced program termination"); 4078 if (unlink(fname) < 0) { 4079 wpa_printf(MSG_ERROR, 4080 "Could not unlink existing ctrl_iface socket '%s': %s", 4081 fname, strerror(errno)); 4082 goto fail; 4083 } 4084 if (bind(s, (struct sockaddr *) &addr, sizeof(addr)) < 4085 0) { 4086 wpa_printf(MSG_ERROR, "bind(PF_UNIX): %s", 4087 strerror(errno)); 4088 goto fail; 4089 } 4090 wpa_printf(MSG_DEBUG, "Successfully replaced leftover " 4091 "ctrl_iface socket '%s'", fname); 4092 } else { 4093 wpa_printf(MSG_INFO, "ctrl_iface exists and seems to " 4094 "be in use - cannot override it"); 4095 wpa_printf(MSG_INFO, "Delete '%s' manually if it is " 4096 "not used anymore", fname); 4097 os_free(fname); 4098 fname = NULL; 4099 goto fail; 4100 } 4101 } 4102 4103 if (interface->ctrl_iface_group && 4104 chown(fname, -1, interface->ctrl_iface_group) < 0) { 4105 wpa_printf(MSG_ERROR, "chown[ctrl_interface]: %s", 4106 strerror(errno)); 4107 goto fail; 4108 } 4109 4110 if (chmod(fname, S_IRWXU | S_IRWXG) < 0) { 4111 wpa_printf(MSG_ERROR, "chmod[ctrl_interface/ifname]: %s", 4112 strerror(errno)); 4113 goto fail; 4114 } 4115 os_free(fname); 4116 4117 interface->global_ctrl_sock = s; 4118 eloop_register_read_sock(s, hostapd_global_ctrl_iface_receive, 4119 interface, NULL); 4120 4121 return 0; 4122 4123 fail: 4124 if (s >= 0) 4125 close(s); 4126 if (fname) { 4127 unlink(fname); 4128 os_free(fname); 4129 } 4130 return -1; 4131 #endif /* CONFIG_CTRL_IFACE_UDP */ 4132 } 4133 4134 4135 void hostapd_global_ctrl_iface_deinit(struct hapd_interfaces *interfaces) 4136 { 4137 #ifndef CONFIG_CTRL_IFACE_UDP 4138 char *fname = NULL; 4139 #endif /* CONFIG_CTRL_IFACE_UDP */ 4140 struct wpa_ctrl_dst *dst, *prev; 4141 4142 if (interfaces->global_ctrl_sock > -1) { 4143 eloop_unregister_read_sock(interfaces->global_ctrl_sock); 4144 close(interfaces->global_ctrl_sock); 4145 interfaces->global_ctrl_sock = -1; 4146 #ifndef CONFIG_CTRL_IFACE_UDP 4147 fname = hostapd_global_ctrl_iface_path(interfaces); 4148 if (fname) { 4149 unlink(fname); 4150 os_free(fname); 4151 } 4152 4153 if (interfaces->global_iface_path && 4154 rmdir(interfaces->global_iface_path) < 0) { 4155 if (errno == ENOTEMPTY) { 4156 wpa_printf(MSG_DEBUG, "Control interface " 4157 "directory not empty - leaving it " 4158 "behind"); 4159 } else { 4160 wpa_printf(MSG_ERROR, 4161 "rmdir[ctrl_interface=%s]: %s", 4162 interfaces->global_iface_path, 4163 strerror(errno)); 4164 } 4165 } 4166 #endif /* CONFIG_CTRL_IFACE_UDP */ 4167 } 4168 4169 os_free(interfaces->global_iface_path); 4170 interfaces->global_iface_path = NULL; 4171 4172 dl_list_for_each_safe(dst, prev, &interfaces->global_ctrl_dst, 4173 struct wpa_ctrl_dst, list) 4174 os_free(dst); 4175 } 4176 4177 4178 static void hostapd_ctrl_iface_send(struct hostapd_data *hapd, int level, 4179 enum wpa_msg_type type, 4180 const char *buf, size_t len) 4181 { 4182 struct wpa_ctrl_dst *dst, *next; 4183 struct dl_list *ctrl_dst; 4184 struct msghdr msg; 4185 int idx; 4186 struct iovec io[2]; 4187 char levelstr[10]; 4188 int s; 4189 4190 if (type != WPA_MSG_ONLY_GLOBAL) { 4191 s = hapd->ctrl_sock; 4192 ctrl_dst = &hapd->ctrl_dst; 4193 } else { 4194 s = hapd->iface->interfaces->global_ctrl_sock; 4195 ctrl_dst = &hapd->iface->interfaces->global_ctrl_dst; 4196 } 4197 4198 if (s < 0 || dl_list_empty(ctrl_dst)) 4199 return; 4200 4201 os_snprintf(levelstr, sizeof(levelstr), "<%d>", level); 4202 io[0].iov_base = levelstr; 4203 io[0].iov_len = os_strlen(levelstr); 4204 io[1].iov_base = (char *) buf; 4205 io[1].iov_len = len; 4206 os_memset(&msg, 0, sizeof(msg)); 4207 msg.msg_iov = io; 4208 msg.msg_iovlen = 2; 4209 4210 idx = 0; 4211 dl_list_for_each_safe(dst, next, ctrl_dst, struct wpa_ctrl_dst, list) { 4212 if (level >= dst->debug_level) { 4213 sockaddr_print(MSG_DEBUG, "CTRL_IFACE monitor send", 4214 &dst->addr, dst->addrlen); 4215 msg.msg_name = &dst->addr; 4216 msg.msg_namelen = dst->addrlen; 4217 if (sendmsg(s, &msg, 0) < 0) { 4218 int _errno = errno; 4219 wpa_printf(MSG_INFO, "CTRL_IFACE monitor[%d]: " 4220 "%d - %s", 4221 idx, errno, strerror(errno)); 4222 dst->errors++; 4223 if (dst->errors > 10 || _errno == ENOENT) { 4224 if (type != WPA_MSG_ONLY_GLOBAL) 4225 hostapd_ctrl_iface_detach( 4226 hapd, &dst->addr, 4227 dst->addrlen); 4228 else 4229 hostapd_global_ctrl_iface_detach( 4230 hapd->iface->interfaces, 4231 &dst->addr, 4232 dst->addrlen); 4233 } 4234 } else 4235 dst->errors = 0; 4236 } 4237 idx++; 4238 } 4239 } 4240 4241 #endif /* CONFIG_NATIVE_WINDOWS */ 4242